US Pat. No. 10,171,917

LATERAL MODE CAPACITIVE MICROPHONE

GMEMS Technologies Intern...

1. A capacitive microphone comprising a first electrical conductor and a second electrical conductor configured to have a relative spatial relationship therebetween,
wherein a mutual capacitance can be generated between the first electrical conductor and the second electrical conductor;
wherein said relative spatial relationship and said mutual capacitance can both be varied by an acoustic pressure impacting upon the first electrical conductor and/or the second electrical conductor along a range of impacting directions in 3D space;
wherein said mutual capacitance is varied the most by an acoustic pressure impacting upon the first electrical conductor and/or the second electrical conductor along one direction among said range of impacting directions, said one direction being defined as the primary direction;
wherein the first electrical conductor has a first projection along said primary direction on a conceptual plane that is perpendicular to said primary direction;
wherein the second electrical conductor has a second projection along said primary direction on the conceptual plane;
wherein the first projection and the second projection have a shortest distance Dmin therebetween, and Dmin remains greater than zero regardless of whether the first electrical conductor and/or the second electrical conductor is (are) impacted by an acoustic pressure along said primary direction or not;
wherein the second electrical conductor, as one plate of a capacitor, moves up and down along the primary direction, and laterally moves over, or glides over, the first electrical conductor along the primary direction,
wherein the capacitive microphone further comprises a substrate, the substrate is viewed as said conceptual plane, and the first electrical conductor and the second electrical conductor are constructed above the substrate side-by-side;
wherein the first electrical conductor is fixed relative to the substrate, the second electrical conductor comprises a membrane that is movable relative to the substrate, and said primary direction is perpendicular to the membrane plane; and
wherein the capacitive microphone further comprises an air flow restrictor that restricts the flow rate of air that flows in/out of the gap between the membrane and the substrate, and the air flow restrictor comprises a groove and an insert that can insert into the groove.

US Pat. No. 10,171,905

HEADPHONES WITH FREQUENCY-TARGETED RESONANCE CHAMBERS

TRANSOUND ELECTRONICS CO....

1. A headphone device, comprising:
a housing, the housing including a first chamber, a second chamber, a first through-hole, wherein the first chamber and the second chamber are separated by a first wall, and the first through-hole is in the first wall;
a loudspeaker assembly in the housing, the loudspeaker assembly including a yoke, a magnet, a washer, a voice coil, and a diaphragm, wherein the yoke, the magnet, the washer, and the voice coil are positioned corresponding to the first through-hole, the diaphragm being connected on the voice coil in the first chamber;
a first annular portion in the housing, wherein the first annular portion including a first auxiliary hole and a second auxiliary hole, each of the first auxiliary hole and the second auxiliary hole overlapping a portion of the first through-hole, wherein the first auxiliary hole is covered with a first sound-proof material and the second auxiliary hole is covered with a second sound-proof material and wherein the first sound-proof material filters a first frequency range and the second sound-proof material filters a second frequency range, the first frequency range being substantially different from the second frequency range.

US Pat. No. 10,171,876

MEDIA SWITCH DEVICE, MEDIA SWITCH SYSTEM AND MEDIA SWITCH METHOD

ATEN INTERNATIONAL CO., L...

1. A media switching method, implemented in a media switch device, the media switch device comprising at least one media input port, a media input/extension composite port, and a media output port, the media input/extension composite port configured to be coupled to either a source device or to another media switch device, the media output port configured to be coupled to either a sink device or to yet another media switch device, the at least one media input port each configured to be coupled to a source device, the media switching method comprising:
receiving a response command from the media input/extension composite port to determine whether the media input/extension composite port is coupled to a source device or another media switch device; and
receiving a query command from the media output port to determine whether the media output port is coupled to a sink device or yet another media switch device.

US Pat. No. 10,171,868

METHOD FOR PROCESSING AUDIO DATA, TERMINAL AND TELEVISION

Qingdao Hisense Electroni...

18. A television, comprising:
an input interface configured to receiving audio data from a plurality of television channels;
a channel switcher configured to switching the plurality of television channels;
an audio capturer configured to capture audio data of the plurality of television channels;
a buffer configured to buffer the audio data captured by the audio capturer; and
a control reader configured to control to read the audio data in the buffer,
an audio post-processor configured to perform a preset sound processing to the audio data read by the control reader; and
an audio player configured to play the audio data processed by the audio post-processor,
wherein, the control reader is configured to:
set a first queue for managing at least one configured information control node of audio data to be played, wherein each of the at least one configured information control node contains attribute information for the audio data to be played;
unchain a unit of the at least one configured information control node from the first queue;
read audio data to be played corresponding to the unit of the at least one configured information control node according to the attribute information for the audio data to be played in the unit of the at least one configured information control node; and
chain the unit of the at least one configured information control node to a second queue which is used for managing at least one configured information control node of played audio data.

US Pat. No. 10,171,841

METHOD AND DEVICE FOR ENCODING/DECODING VIDEO BITSTREAM

ZHEJIANG UNIVERSITY, Han...

1. A decoding method, comprising:
decoding, by a processor, a slice bitstream to obtain parameter set indication information carried in the slice bitstream and used for indicating a camera parameter set;
acquiring, by the processor, camera parameters from the camera parameter set indicated by the parameter set indication information; and
decoding, by the processor, the slice bitstream according to the acquired camera parameters;
wherein each of the camera parameter set comprises V*F*M camera parameters, V represents the number of the viewpoints comprised in the camera parameter set, F represents the number of the camera parameter subsets comprised in the camera parameter set, and M represents the number of the types of the camera parameters comprised in the camera parameter set, and V, F and M are positive integers, wherein the camera parameters corresponding to the different viewpoints at the same moment form a camera parameter subset.

US Pat. No. 10,171,820

DIGITAL IMAGE RECOMPRESSION

Dropbox, Inc., San Franc...

1. A system, comprising:
one or more processors;
storage media; and
one or more programs stored in the storage media and configured for execution by the one or more processors, the one or more programs comprising instructions configured for:
obtaining compressed image data that is a coded representation of a digital image;
decoding the compressed image data to obtain at least one block of quantized discrete cosine transform (DCT) coefficients corresponding to a sample block of the digital image, the block of quantized DCT coefficients comprising a DC coefficient and a plurality of non-zero AC coefficients;
determining probability estimates for binary symbols of binarized representations of the plurality of non-zero AC coefficients based, at least in part, on classifying each non-zero AC coefficient of the plurality of non-zero AC coefficients as being part of at most one of: (a) a top-edge row of AC coefficients of the block of quantized DCT coefficients, (b) a left-edge column of AC coefficients of the block of quantized DCT coefficients, or (c) a sub-block of AC coefficients of the block of quantized DCT coefficients;
wherein a particular non-zero AC coefficient of the plurality of non-zero AC coefficients is classified as being part of (c) the sub-block of AC coefficients;
wherein determining probability estimates for binary symbols of a binarized representation of the particular non-zero AC coefficient is based on:
an AC coefficient corresponding in position to the particular non-zero AC coefficient in an above quantized DCT block of coefficients,
an AC coefficient corresponding in position to the particular non-zero AC coefficient in a left quantized DCT block of coefficients, and
an AC coefficient corresponding in position to the particular non-zero AC coefficient in an above-left quantized DCT block of coefficients;
arithmetic coding the binary symbols based, at least in part, on the probability estimates; and
based, at least in part, on the arithmetic coding, storing further compressed image data that is a coded representation of the digital image, the further compressed image data being lossless with respect to the compressed image data, the further compressed image data requiring fewer bytes to store in storage media than required by the compressed image data.

US Pat. No. 10,171,804

VIDEO FRAME ENCODING SCHEME SELECTION

GOOGLE LLC, Mountain Vie...

1. A method for encoding a video stream, the method comprising:
determining, using at least one of a historical video encoding data and a simulated encoding data generated based on at least one measurement of a time of a video encoding, a first estimated time period for encoding a frame of the video stream based on a first algorithm configured to estimate a processing time for encoding the frame, the first algorithm being based on a first input control signal corresponding to at least one variable setting of an encoder processing block, the at least one variable setting having a first predetermined processing time used as a variable in the first algorithm;
determining, using at least one of the historical video encoding data and the simulated encoding data, a second estimated time period for encoding the frame based on a second algorithm configured to estimate a processing time for encoding the frame, the second algorithm being based on a second input control signal corresponding to the at least one variable setting of the encoder processing block, the at least one variable setting having a second predetermined processing time used as a variable in the second algorithm;
measuring an elapsed time period for encoding the frame independent of other frames of the video stream;
comparing the elapsed time period for encoding the frame to at least one of the first estimated time period and the second estimated time period; and
changing an encoding scheme for encoding a subsequent frame of the video stream if the encoding time of the frame is one of less than the first estimated time period and greater than the second estimated time period.

US Pat. No. 10,171,800

INPUT/OUTPUT DEVICE, INPUT/OUTPUT PROGRAM, AND INPUT/OUTPUT METHOD THAT PROVIDE VISUAL RECOGNITION OF OBJECT TO ADD A SENSE OF DISTANCE

MIRAMA SERVICE INC., New...

1. An input/output (I/O) device comprising:
a display device that can generate a stereoscopic image in a virtual image display region;
a depth level sensor that measures a distance to an object in a three-dimensional space detection region; and
a control unit that comprises a memory and a processor and performs functions including:
a depth map processing function that sets an overlapping space region of the three-dimensional space detection region, the virtual image display region and an arm movement region in which both hands can move horizontally and vertically with joints of both shoulders being a center of rotation as a manipulation region, and sets a portion other than the manipulation region in the three-dimensional space detection region as a gesture region;
a gesture recognition function that recognizes a gesture of the hands in the gesture region; and
a graphics processing function that manipulates the stereoscopic image based on an output of the depth level sensor in the manipulation region or based on the gesture recognized in the gesture region; and
a calibration processing function that determines display position of the virtual image display region and adjusts automatically correlation of the three-dimensional space detection region and the virtual image display region.

US Pat. No. 10,171,788

PLAYBACK METHOD ACCORDING TO FUNCTION OF PLAYBACK DEVICE

PANASONIC INTELLECTUAL PR...

1. A display device comprising:
a first remapper that receives a video signal having a first luminance range, performs electro-optical transfer function (EOTF) conversion associated with the first luminance range on a code value represented by a luminance signal in the video signal to obtain a first luminance value, and converts the first luminance value obtained by the EOTF conversion into a second luminance value associated with a second luminance range different in maximum value from the first luminance range;
a second remapper that receives a graphics signal having the first luminance range and performs the EOTF conversion associated with the first luminance range on a code value represented by a luminance signal in the graphics signal to obtain a third luminance value, but does not perform conversion of the third luminance value obtained by the EOTF conversion;
a synthesizer that synthesizes the video signal having the second luminance value converted by the first remapper with the graphics signal having the third luminance value not converted by the second remapper; and
a display that displays a signal synthesized by the synthesizer.

US Pat. No. 10,171,780

LIGHTING APPARATUS

MAXELL, LTD., Kyoto (JP)...

1. A lighting apparatus comprising:
an illuminator configured to emit illumination light;
a projector configured to emit image-projecting light for projecting an image; and
a sensor configured to emit operation-detecting emission light used for operation detection, and to detect an operation by an operation object in a range including an image projection area of the projector,
wherein the illumination light, the image-projecting light, and the operation-detecting emission light have respective different wavelength distribution characteristics,
regarding a light amount in a wavelength range of light used by the sensor for the operation detection, a light amount of the operation-detecting emission light is the largest among those of the illumination light, the image-projecting light, and the operation-detecting emission light,
the projector has an optical filter configured to cut off or to reduce a wavelength in a non-visible light range, the optical filter being disposed at any position on such an optical path in which light from a light source becomes the image-projecting light,
the illuminator has an optical filter configured to cut off or to reduce a wavelength in the non-visible light range before light emitted from an illumination light source becomes the illumination light, and
the lighting apparatus further comprises:
a controller configured to set a virtual switch area in an illumination area of the operation-detecting emission light and at a position outside an image projection area of the projector, and to control execution of a given process when the sensor detects an operation by the operation object with respect to the virtual switch area; and
the controller is further configured to control, in setting the position of the virtual switch area, a display for a setting guide expression for a user in the image projection area of the projector so that the position of the virtual switch area can be set at a position intended by the user outside the image projection area of the projector.

US Pat. No. 10,171,776

SYSTEMS AND METHODS FOR VIDEO MONITORING USING LINKED DEVICES

Verint Systems Ltd., (IL...

1. A video monitoring system for a predetermined area, comprising:
a map representing the predetermined area, on which icons are placed and configured, the icons representing at least two video monitoring devices comprising a first video monitoring device and a second video monitoring device, the at least two video monitoring devices deployed in the predetermined area;
a first scene of a plurality of scenes, the first scene specifying a relationship between the first video monitoring device and the second video monitoring device, the first video monitoring device being a main video monitoring device for the first scene, wherein the second video monitoring device is logically linked to the main video monitoring device;
a recorder, the recorder configured to record video feed data received from the at least two logically linked video monitoring devices to stable storage; and
a video manager that receives the map, the video feed data, and the first scene, displays the map, the video feed data, and a navigation display based on the first scene, and accepts input from a user to track an entity through the predetermined area,
wherein the first scene comprises linked video data from a plurality of video monitoring devices, and
wherein the video manager is configured to generate graphical representations of a plurality of connections, at least one connection extending between the first scene and the video feed data from the logically linked second video monitoring device, wherein each connection of the at least one connections is indicative of an exit point from the range of view of the first scene that results in entry of a range of view in the video feed data from the logically linked second video monitoring device.

US Pat. No. 10,171,775

AUTONOMOUS VEHICLE VISION SYSTEM

VECNA TECHNOLOGIES, INC.,...

1. A method of autonomously operating an autonomous vehicle, comprising:
providing a vision system having at least two cameras in operable communication with the autonomous vehicle for providing substantially similar views relative to the vehicle, the at least two cameras receiving information relating to the views and the views at least being substantially in the direction of travel of the vehicle, the two cameras alone at least capable of determining distances between the autonomous vehicle and any objects in the autonomous vehicle's path;
providing a stand-alone laser in operable communication with the vehicle only for selectively shining a single discrete mark on at least a portion of the views provided to the at least two cameras, wherein a shape of the single discrete mark is determined from a template stored in a memory of the autonomous vehicle;
determining whether the information received by the at least two cameras is at least ambiguous regarding the views and therefore capable of more than one interpretation with regard to the direction of travel of the vehicle;
in response to determining that the information received by the at least two cameras is ambiguous, activating the laser to project the single discrete mark into the views provided by the at least two cameras, wherein the single discrete mark is projected in the shape determined from the template stored in the memory of the autonomous vehicle;
detecting the projected single discrete mark within a corresponding portion of each of the views provided by the at least two cameras, the detecting based on analyzing objects contained in each of the views against expected shape information of the single discrete mark contained within the template;
in response to detecting the projected single discrete mark within each of the views provided by the at least two cameras, deactivating the laser; and
calculating a distance to an object upon which the projected single discrete mark impinges, the calculating based on image data contained within the corresponding portion in which the projected single discrete mark was detected in each of the views provided by the at least two cameras, in order to thereby resolve the ambiguity.

US Pat. No. 10,171,770

IMAGE PLAYBACK DEVICE, DISPLAY DEVICE, AND TRANSMISSION DEVICE

Maxell, Ltd., Kyoto (JP)...

1. A video playback apparatus comprising:
a transmission apparatus configured to transmit video data, and
a display apparatus configured to display video based on the video data from the transmission apparatus,
wherein the transmission apparatus includes a first processor programmed to:
receive an encoded data stream,
generate decoded video data in a first format by decoding the encoded data stream,
transmit, to the display apparatus, available interpolation data information indicating a plurality of kinds of interpolation data based on the decoded video data in the first format,
receive, from the display apparatus, selection information indicating a selected kind of interpolation data,
generate video data in a second format and interpolation data from the decoded video data in the first format on the basis of the selection information, and
transmit, to the display apparatus, the generated video data in the second format and the generated interpolation data,
wherein the display apparatus includes a second processor programmed to:
select the one of the kinds of interpolation data according to a predetermined priority order and based on the received available interpolation data information, and
transmit the selection information indicating the selected kind of interpolation data,
receive, from the transmission apparatus, the generated video data in the second format and the generated interpolation data, and
display the video resulting from interpolation of the received video data based on the received interpolation data for interpolating differences between the second format and the first format, and
wherein the first processor is further programmed to:
generate interpolation data list information indicating a list of the kinds of interpolation data capable of being generated by the transmission apparatus based on the encoded data stream as the available interpolation data information.

US Pat. No. 10,171,764

APPARATUS, SYSTEM AND METHOD FOR A MANUFACTURED IMAGER SYSTEM

Jabil Inc., St. Petersbu...

1. A method of manufacturing an in-process modifiable imager system, comprising:
fixing the imager system relative to a focal target;
activating an imager in the imager system;
assessing a baseline optical signature at least partially dictated by a prior process step parameter of the activated imager, based on a first optical response of the aspects to the focal target;
responsive to the baseline optical signature, computing via at least one computing processor applying non-transitory computing code of at least one first parameter for material, the first parameter being selected from the group consisting of height, thickness and composition, to be deposited onto or between one or more layers of which the prior process step parameter on the imager is indicative, wherein the at least one first parameter is modified from the prior process step parameter; and
executing a first depositing via a materials deposition process of the at least one first parameter of material on the imager based upon the computing via the at least one computing processor.

US Pat. No. 10,171,763

METHOD FOR FIXED PATTERN NOISE REDUCTION AND USE OF SUCH METHOD

Axis AB, Lund (SE)

1. A method for structural fixed pattern noise reduction in a video stream comprises:
defining a pixel to be processed in a first image frame as a target pixel;
for each target pixel in the first image frame,
defining a first target pixel patch including the target pixel,
defining a first search area comprising the first target pixel patch, and
for each pixel in the first search area,
comparing a first pixel patch around the pixel in the first search area with the first target pixel patch, and
using the pixel in the first search area when calculating an average for the target pixel if similarity between the first pixel patch and the first target pixel patch is within a first threshold;
in a second image frame,
localizing a second target pixel,
defining a second search area comprising the second target pixel, and
for each pixel in the second search area,
comparing a second pixel patch around the pixel in the second search area with the first target pixel patch, and
using the pixel in the second search area when calculating the average for the target pixel if similarity between the second pixel patch and the first target pixel patch is within a second threshold; and
correcting the first image frame based on a value indicative of the average for the target pixel;
wherein the first image frame and the second image frame are separate image frames in the video stream, and wherein the step of localizing a second target pixel comprises estimating a location of the second target pixel using a location of the target pixel and camera directional data.

US Pat. No. 10,171,756

IMAGE-BASED LOCALIZATION OF ULTRAVIOLET CORONA

THE UNITED STATES OF AMER...

1. A method for identifying a fault in an electrical distribution system using an unmanned aerial vehicle (UAV), the method comprising:
capturing an ultraviolet (UV) corona emission image of a corona event, the corona event being associated with a component of the electrical distribution system;
processing the UV corona emission image of the corona event to identify a center and a boundary of the UV corona emission image, the identified center being a UV nucleus of the UV corona emission image and the boundary demarcating an extent of the UV corona emission image;
capturing an image of the corona event in the visible band of the electromagnetic spectrum, such that the captured image includes the identified center of the UV emission image; and
generating and displaying an overlay on the captured image of the corona event, the displayed overlay identifying the center and the boundary of the UV corona emission image.

US Pat. No. 10,171,741

EYE-PROTECTION CONTROL METHOD OF MOBILE DEVICE

HannsTouch Solution Incor...

1. An eye-protection control method of a hand-held mobile device, wherein the hand-held mobile device comprises a display screen and an image capture unit, and the eye-protection control method comprises:
capturing an image by the image capture unit when the display screen of the hand-held mobile device is being watched;
performing a human face detection to the image to judge whether the image has a human face information of a user by the hand-held mobile device;
counting a plurality of time periods when the image has the human face information and adding up the time periods to a cumulative time by the hand-held mobile device, wherein the time periods are separated from each other by at least one interval; and
performing a judgment through the cumulative time and a time threshold, and performing an eye-protection operation when the cumulative time is larger than the time threshold by the hand-held mobile device.

US Pat. No. 10,171,739

IMAGE PICKUP DEVICE

Panasonic Intellectual Pr...

1. An image pickup device comprising:
an optical system including a plurality of lenses;
an image sensor that captures a subject image formed by the optical system;
a processor configured to correct peripheral light quantity of an image captured by the image sensor;
a shake detector that detects shake of the image pickup device; and
a drive controller that moves at least one of (i) the plurality of lenses and (ii) the image sensor on a plane perpendicular to an optical axis in response to an output signal of the shake detector to correct the shake,
wherein
the processor extracts a predetermined frequency component of the shake and corrects peripheral light quantity by increasing gain of image data outputted from the image sensor in response to correction gain in response to the predetermined frequency component of the shake.

US Pat. No. 10,171,712

THERMAL EXTRACTION ARCHITECTURES FOR CAMERA AND LIGHTING DEVICES

SEESCAN, INC., San Diego...

1. An electronic camera for inspecting hidden or buried utility pipes, comprising:
an imaging sensor for capturing images or video of an internal area of a pipe in a digital format and storing the images in a non-transitory memory;
a printed circuit board (PCB) on which the imaging sensor and non-transitory memory is mounted, the PCB including electronics for processing images from the imaging sensor non-transitory memory, the PCB including a thermal extraction area along at least a side of the PCB and a plurality of layers including at least a first thermal extraction layer integral with or coupled to the PCB thermal extraction area, a first electrical connection layer, and a first insulation layer disposed between the first thermal extraction layer and the first electrical connection layer;
a cylindrical watertight housing assembly for enclosing the PCB, the housing assembly including a transparent window and a housing thermal contact area on the interior of the cylinder; and
a curved spring loaded thermal extraction element disposed between the PCB and the cylindrical watertight housing assembly element, the thermal extraction element including a first thermal contact area in thermal contact with the PCB thermal extraction area a second thermal contact area in thermal contact with the housing thermal contact area.

US Pat. No. 10,171,695

OUT-OF BOUNDS DETECTION OF A DOCUMENT IN A LIVE CAMERA FEED

Intuit Inc., Mountain Vi...

9. An apparatus for processing digital images of a document, comprising:
a processor; and
a memory having instructions which, when executed by the processor, performs an operation for processing a digital image, the operation comprising:
segmenting a first digital image of a document into pixels associated with a foreground of the first digital image and pixels associated with a background of the first digital image to produce a segmented first digital image;
detecting a plurality of contours in the segmented first digital image;
deciding, for each respective contour of the plurality of contours, whether the respective contour is an open contour or a closed contour;
creating a bounding rectangle for each respective contour of the plurality of contours;
computing an area of the bounding rectangle for each respective contour of the plurality of contours to identify a largest bounding rectangle;
determining that a side of a plurality of sides of the document is out-of-bounds based on whether the largest bounding rectangle bounds a contour of the plurality of contours that is an open contour;
informing a user that the document is out-of-bounds;
informing the user of which particular side of the plurality of sides of the document is out-of-bounds; and
directing the user to capture at least one additional image of the document.

US Pat. No. 10,171,688

MANAGEMENT SERVER TO RECEIVE SCANNED IMAGES AND ALIGN THE SCANNED IMAGES BASED ON PAGE NUMBERS INCLUDED IN THE SCANNED IMAGES

HP PRINTING KOREA CO., LT...

1. A non-transitory computer-readable recording medium in which a program code for executing a control method implemented by a processor of a management server connectable to a plurality of image scanning apparatuses is recorded, the control method comprising:
receiving a plurality of scanned images having page information including a page number of the plurality of scanned images, from each of the plurality of image scanning apparatuses that scan each of a plurality of divided manuscripts that are divided from a manuscript;
obtaining, at the processor, the page number of each of the plurality of received scanned images based on character recognition performed on the plurality of received scanned images;
sequentially aligning, at the processor, the plurality of received scanned images based on the page number in the plurality of received scanned images;
storing, at the processor, the plurality of aligned scanned images in one file in a storage; and
determining, at the processor, whether the plurality of received scanned images are a scanning image corresponding to a new job or a scanning image corresponding to an existing job based on job identification information corresponding to the manuscript for identifying each of a plurality of scanning jobs, the job identification information being included in each of the plurality of scanned images received from each of the plurality of image scanning apparatuses.

US Pat. No. 10,171,663

ESTABLISHING A TARGET HANDLE TIME FOR A COMMUNICATION IN A CONTACT CENTER USING ANALYTICS

Noble Systems Corporation...

1. A method for establishing a target handle time for a communication routed to an agent in a contact center comprising:
monitoring the communication by an analytics component to identify an occurrence of a keyword in the communication;
identifying a reason for the communication based on the keyword in response to identifying the occurrence of the keyword in the communication;
in response to identifying the reason for the communication:
setting the target handle time for the communication based on the reason identified for the communication; and
displaying a visual representation of the target handle time on a graphical user interface (GUI) displayed on a workstation being used by the agent, the visual representation comprising a component decrementing with a passage of time; and
upon a disposition code being entered by the agent on the workstation for the communication:
confirming by a computer processor the disposition code entered by the agent matches the reason identified for the communication; and
in response to the disposition code matching the reason identified for the communication:
recording the target handle time for the communication in memory; and
in response to the disposition code not matching the reason identified for the communication:
setting a revised target handle time for the communication based on the disposition code; and
recording the revised target handle time for the communication in the memory.

US Pat. No. 10,171,646

SYSTEMS AND METHODS FOR PROVIDING GEOLOCATION SERVICES

CROWDCOMFORT, INC., Wenh...

1. A system for providing geolocation services in a mobile-based crowdsourcing platform, the system comprising:
a mobile device for user input and interaction; and
a server configured to communicate with and exchange data with the mobile device, the server comprising a processor coupled to a memory containing instructions executable by the processor to cause the server to:
receive user data from the mobile device, the user data a comprising a location of the user within an environment, movement of the user within the environment over a period of time, and direct user input with a user interface (UI) provided on the mobile device, the user input comprising active user verification and confirmation of at least one of the user's location, movement, and specific landmarks or objects within the user's vicinity within the environment;
determine a location of a vehicle associated with the user based on the user data; and
render a layout of the environment based on the user data, wherein rendering comprises generating a visual model of a layout of the environment in which the user is located or moving to thereby provide a visual indication of the vehicle within the environment.

US Pat. No. 10,171,641

DISPLAY APPARATUS

LG ELECTRONICS INC., Seo...

1. A display apparatus comprising:
a display unit configured to display an image;
an input unit configured to receive an input from a user; and
a controller configured to display a first image included in a first region being part of an entire region of an omnidirectionally captured image, and to display a second image included in a second region being part of the entire region of the omnidirectionally captured image if a first input for changing a region displayed on the display unit in the entire region of the omnidirectionally captured image is received,
wherein the second region is a region that is symmetrical to the first region with respect to an uppermost portion of the omnidirectionally captured image,
wherein the first input is an input of dragging a screen so as to change the displayed region from the first region to the second region by passing through the uppermost portion of the omnidirectionally captured image,
wherein the controller is configured to change, in response to the first input, the displayed region from the first region to the second region by passing through the uppermost portion of the omnidirectionally captured image, and
wherein, as the displayed region passes through the uppermost portion, the controller is configured to display an image including the uppermost portion.

US Pat. No. 10,171,640

METHOD, APPARATUS, AND SYSTEM FOR DISPLAYING MESSAGE IN MOBILE TERMINAL

TENCENT TECHNOLOGY (SHENZ...

1. A method for displaying a message in a mobile terminal performed at an apparatus having one or more processors and one or more memories for storing programs to be executed by the processors, the method comprising:
obtaining message content that needs to be displayed;
determining a visible area on a screen of a mobile terminal;
calculating a display length and a quantity of display lines of the message content according to the visible area; and
displaying the message content in the visible area in a scrolling manner according to the display length if the quantity of the display lines exceeds a display range of the visible area, wherein after the displaying the message content in the visible area in a scrolling manner according to the display length, further comprising:
destroying the message content when it is determined that display time of the message content exceeds a preset threshold.

US Pat. No. 10,171,624

MANAGEMENT OF PRE-LOADED CONTENT

Comcast Cable Communicati...

1. A method, comprising:
harvesting, by a computing device and based on a determination that second content is scheduled to be distributed, first content from disparate web-based content sources on multiple platforms;
after receiving the second content, combining the first content with the second content to generate combined content; and
causing at least a portion of the combined content to be outputted.

US Pat. No. 10,171,615

SMART CACHE WARMING

GOOGLE LLC, Mountain Vie...

1. A method of preemptively caching data within a mobile device, the method comprising:
detecting a triggering event, wherein the triggering event includes a communication from a communication application, wherein the communication is related to upcoming travel;
in response to detecting the triggering event, automatically performing an action paired with the triggering event, wherein the action includes retrieving anticipated data from a remote device and the anticipated data includes travel-related information directly related to the upcoming travel including one or more travel guides;
caching at least a portion of the anticipated data within a memory of a mobile device;
receiving a request for requested data, wherein the requested data includes at least the portion of the anticipated data; and
fulfilling at least part of the request for the requested data by retrieving at least the portion of the anticipated data directly from the memory of the mobile device such that at least part of the request for the requested data is fulfilled when the remote device is unavailable to fulfill the request.

US Pat. No. 10,171,614

CACHE MEMORY BALANCING BASED ON MOVING OBJECT PREDICTION

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method for cache memory management in a distributed computing environment, the method comprising:
tracking, via a cache balancing engine, a plurality of vehicles operating in a first region;
executing, via the cache balancing engine, an analysis for a subset of the plurality of vehicles in the first region to determine a weighted mean velocity for each vehicle in the subset of the plurality of vehicles in the first region;
determining, via the cache balancing engine, based on the analysis, whether a second regional server tracking a second plurality of vehicles in a second region is likely to have an unbalanced cache memory; and
rebalancing, via the cache balancing engine, cache memory data in a first regional server and cache memory data in the second regional server responsive to determining that the second regional server is likely to have an unbalanced cache memory.

US Pat. No. 10,171,613

CLIENT DEVICE, SERVER, RECORDING MEDIUM AND INFORMATION PROCESSING METHOD

SONY CORPORATION, Tokyo ...

1. A client device comprising:
circuitry at least including a processor and a cache in which first content data is stored, the circuitry configured to:
transmit first information indicating the first content data stored in the cache to a server, which manages a group of client devices including the client device and other client devices, the group of client devices being capable of communicating with each other without using an external network;
acquire, from the other client devices in the group, second content data requested to be output based on second information provided by the server, the second information including at least a timestamp indicating a time at which the second content data is stored in one of the other client devices; and
when at least a part of the second content data is not acquired from the other client devices, acquire the at least the part of the second content data from a content server through the external network.

US Pat. No. 10,171,612

CACHING SERVICE WITH CLIENT-ENABLED ROUTING

MICROSOFT TECHNOLOGY LICE...

1. One or more computer-storage media having computer-executable instructions embodied thereon that, when executed, perform a method for intelligently selecting routing connections between on-premises servers within a client network and nodes within a cloud-computing network, the method comprising:
detecting an operation within the client network that is directed toward a set of data maintained within the cloud-computing network;
generating a cache request to access the set of data, wherein generating the cache request comprises:
identifying a first network key mapped to the set of data, by examining a client-side routing table; and
determining whether an ongoing routing connection between the client network and a node within the cloud-computing network, is established, by examining a client-side connection table, wherein the node is targeted by the first network key;
when the routing connection is determined to be established, sending the cache request via the preestablished routing connection; and
otherwise, sending a connection request to a load balancer of the cloud-computing network.

US Pat. No. 10,171,611

HERD BASED SCAN AVOIDANCE SYSTEM IN A NETWORK ENVIRONMENT

McAfee, LLC, Santa Clara...

1. At least one non-transitory machine readable storage medium having instructions stored thereon, the instructions when executed by at least one processor cause the at least one processor to:
generate a signature for an object in a first compute node of a first plurality of compute nodes connected to a network;
search a local cache in a memory element of the first compute node for the signature;
scan the object with a scan module to obtain a scan result if the signature is not found in the local cache;
update the local cache with the scan result including the signature of the object;
select a first subset of the first plurality of compute nodes in the network based, at least in part, on a particular attribute of each compute node in the first subset, wherein the particular attribute is associated with a certain traffic pattern;
dynamically select, by the first compute node, a second subset of a second plurality of compute nodes connected to the network based, at least in part, on the particular attribute being associated with each compute node in the second subset, wherein the second plurality of compute nodes is to comprise an additional compute node that establishes a connection to the network subsequent to the selection of the first subset, the second subset to include any compute nodes of the first subset that are included in the second plurality of compute nodes and the additional compute node based on determining that an attribute of the additional compute node corresponds to the particular attribute of the compute nodes in the second subset; and
synchronize the updated local cache with one or more local caches of one or more compute nodes in the second subset, wherein synchronizing is to include:
sending, from the first compute node, the scan result to the one or more compute nodes of the second subset; and
receiving, at the first compute node, one or more scan results of one or more other objects from at least one other compute node in the second subset;
wherein the scan result indicates a threat level of the object, and wherein after the scan result is obtained, the local cache is to be updated with the threat level of the object.

US Pat. No. 10,171,609

CONSTRAINT BASED SIGNAL FOR INTELLEGENT AND OPTIMIZED END USER MOBILE EXPERIENCE ENHANCEMENT

International Business Ma...

1. A method, comprising:
collecting constraint data associated with a mobile communication device, wherein the mobile communication device is executing a session associated with a mobile application over a wireless first connection, wherein session data is associated with the session and is distinct from connection data associated with the first connection and the constraint data is based upon the connection data;
assigning a corresponding weight value of a plurality of weight values to each datum of the constraint data;
generating a score for the communication session based upon the constraint data wherein each datum is modified based upon the corresponding weight; and,
in response to a determination that the score falls within a specified range:
storing the session data in a persistent data storage;
maintaining the session as a transient session with respect to the mobile computing device, wherein a transient session is a session that is resumed over a second connection with the session data stored when the first connection is dropped.

US Pat. No. 10,171,607

APPARATUS AND METHODS FOR MANAGING QUALITY OF EXPERIENCE DURING THE DELIVERY OF CONTENT

TIME WARNER CABLE ENTERPR...

1. A computerized network apparatus configured to deliver digitally rendered Internet-Protocol (IP) video content over a content delivery network, the computerized network apparatus comprising:
processor apparatus;
one or more network interfaces in data communication with the processor apparatus; and
storage apparatus in data communication with the processor apparatus, the storage apparatus comprising at least one computer program configured to, when executed on the processor apparatus:
utilize a plurality of service definition data to:
(i) identify one or more second computerized client devices associated with a first computerized client device;
(ii) determine a relationship between the first computerized client device and a plurality of data interfaces;
(iii) identify one or more particular data interfaces of the plurality of data interfaces relevant to the delivery of the digitally rendered IP video content; and
(iv) measure utilization of the one or more particular data interfaces of the plurality of data interfaces;
based at least on the measured utilization of the one or more particular data interfaces of the plurality of data interfaces, adjust one or more of a plurality of content delivery files associated with the digitally rendered IP video content, the one or more adjusted content delivery files configured to permit at least one or the one or more second computerized client devices to receive the digitally rendered IP video content without a negative effect on Quality of Experience (QoE) a user of the at least one or the one or more second computerized client devices; and
deliver the one or more adjusted content delivery files to the at least one or the one or more second computerized client devices via the first computerized client device.

US Pat. No. 10,171,606

SYSTEM AND METHOD FOR PROVIDING DATA AS A SERVICE (DAAS) IN REAL-TIME

Futurewei Technologies, I...

1. A method for providing data as a service (DaaS) in near or real-time comprising:
receiving, at a proxy server, a query from a client application;
requesting, by the proxy server from a plurality of data sources, data to service the query, wherein the data sources are heterogeneous in terms of data quality, or data structure, or both data quality and data structure;
obtaining, in response to the request by the proxy server from the plurality of data sources for data to service the query, received data from each data source of the plurality of data sources in near or real-time;
assigning respective confidence levels to the received data from each data source in accordance with reliability of the data source;
collecting the received data from the data sources and the respective confidence levels into virtual tables using Table Valued User Defined Functions (TVUDFs) embedded in the query;
joining the received data including the respective confidence levels from the data sources to generate joined data, the joined data comprising the received data from each of the data sources and the respective confidence levels of the received data from each of the data sources; and
sending the joined data to the client application.

US Pat. No. 10,171,605

DUAL CHANNEL DELIVERY

Apple Inc., Cupertino, C...

1. A non-transitory computer-readable memory medium storing program instructions executable by a processor to cause operations comprising:
receiving a random value and a percentage range from a server;
comparing the random value to a generated value to determine whether the random value is within the percentage range of the generated value; and
determining, based at least in part on the comparison that the random value is within the percentage range of the generated value, to generate instructions to send an identity (ID) query request regarding a peer device over a reverse push connection rather than via a hypertext transport protocol (HTTP) request.

US Pat. No. 10,171,604

SYSTEM AND METHOD FOR PUSHING NETWORK INFORMATION

TENCENT TECHNOLOGY (SHENZ...

1. A system for pushing network information, comprising:
at least one memory storing instructions; and
at least one processor that executes the instructions to cause the following operations to be performed:
pushing predefined network information content and corresponding interaction information to a first client,
obtaining feedback information from the first client in response to the interaction information, the feedback information comprising a first user ID corresponding to the first client,
processing the obtained feedback information,
generating, from the processed feedback information, an attention index corresponding to the first user ID and indicating a degree of attention of the first client to the pushed predefined network information content,
obtaining user profile settings corresponding to the attention index according to a mapping relationship between the attention index and the user profile settings, and
setting a user profile of the first user ID according to the obtained user profile settings;
generating a promotion link that comprises the first user ID corresponding to the network information content,
pushing the promotion link to the first client,
obtaining an access request from a second client concerning the promotion link having been distributed to the second client by the first client, the access request comprising the first user ID and a second user ID corresponding to the second client and there is a mapping relationship between the first user ID and the second user ID;
pushing the predefined network information content and corresponding interaction information to the second client according to the obtained access request; and
collecting feedback information corresponding to the second user ID generated by the second client in response to the interaction information pushed to the second client that is uploaded through the second client.

US Pat. No. 10,171,603

USER SEGMENTATION TO PROVIDE MOTIVATION TO PERFORM A RESOURCE SAVING TIP

OPOWER, INC., Arlington,...

1. A computer-implemented performed by a computer and at least a processor, the method comprising:
identifying, by at least the processor, a plurality of similar users that are similar to a target user;
providing, by at least the processor by electronic communication, a notification related to energy consumption to the target user, the notification comprising a suggested action for the target user;
determining, by at least the processor, participation information indicative of participation of the plurality of similar users in the suggested action;
determining, by at least the processor, a level of effectiveness for each representation of a plurality of representations of the participation information, including a first level of effectiveness for a first representation of the participation information;
selecting for presentation to the target user the first representation of the participation information, as an optimal representation, from the plurality of representations of the participation information based upon a determination, by at least the processor, that the first level of effectiveness is higher than levels of effectiveness for one or more other representations of the participation information; and
providing, by at least the processor via an electronic communication channel, comparison information to the target user by electronic communication, wherein the comparison information includes the optimal representation of the participation information;
wherein the first representation is indicative of a percentage of the plurality of similar users determined to participate in the suggested action based upon the participation information; and
wherein the method further comprises at least one of:
determining a second representation of the plurality of representations, wherein the second representation is indicative of a number of the plurality of similar users determined to participate in the suggested action based upon the participation information; or
determining a third representation of the plurality of representations, wherein the third representation is indicative of a proportion of the plurality of similar users determined to participate in the suggested action based upon the participation information.

US Pat. No. 10,171,601

AVAILABILITY-BASED VIDEO PRESENTATION MANAGEMENT

International Business Ma...

1. A computer-implemented method for availability-based video presentation management using a social networking environment, the method comprising:
receiving, from a user of the social networking environment, a user request for a provision of a set of contents;
detecting, in response to receiving the user request for the provision of the set of contents, a video request to present at least one video of a set of videos to the user in advance of the provision of the set of contents;
analyzing, with respect to a busyness factor for the user, a set of user profile data in the social networking environment;
determining, based on the set of user profile data with respect to the busyness factor, a selected video of the set of videos to present to the user in advance of the provision of the set of contents; and
presenting, in response to determining the selected video of the set of videos, the selected video of the set of videos to the user in advance of the provision of the set of contents.

US Pat. No. 10,171,600

METHODS AND DEVICES FOR PROVIDING INFORMATION

TELEFONAKTIEBOLAGET LM ER...

1. A method performed in an arrangement comprising a first device configured to handle data obtained by one or more sensor modules and a second device configured to provide information, the method comprising:
receiving, in the first device, one or more variable values relating to one or more contexts of a system, the variable values being obtained by the one or more sensor modules,
determining, in the first device, an activity index for one or more of the contexts based on the variable values,
retrieving, in the second device, the activity index for a context,
comparing the activity index to a threshold activity index, and
providing, by the second device, a reduced amount of information based on the retrieved activity index being larger than the threshold activity index.

US Pat. No. 10,171,598

METHOD AND SYSTEM FOR LOCATION SHARING

TENCENT TECHNOLOGY (SHENZ...

1. A method for location sharing, comprising:
at a first device associated with a first user, the first device having one or more processors and a memory:
presenting a chat user interface including instant messages transmitted during a chat session between the first user and the one or more second users;
in accordance with a determination that the instant messages transmitted during the chat session met a predetermined keyword matching criterion and that location sharing is enabled between the first user and the one or more second users, displaying a map interface within the chat session, including:
displaying, in accordance with respective current locations of the first user and the one or more second users, a first icon representing the first user at a first location in the map interface and a second icon representing at least one of the one or more second users at a second location in the map interface;
displaying a respective instant message received from the second user in a dialogue box in proximity to the second location in the map interface that corresponds to the respective current location of the second user; and
displaying an input box in proximity to the first location in the map interface that corresponds to the respective current location of the first user, wherein the input box is configured to display text input entered at the first device by the first user;
determining a motion state of a first user in accordance with respective information items related to the current location and a previous location of the first device associated with the first user;
in accordance with a determination that the motion state of the first user is a stationary state, determining a user direction of the first user based on orientation of the first device associated with the current location of the first device;
in accordance with a determination that the motion state of the first user is a moving state, determining the user direction of the first user based on a motion direction from the previous location to the current location of the first device; and
displaying the determined user direction of the first user on the map interface.

US Pat. No. 10,171,597

AUTONOMIC DISCOVERY AND INTEGRATION OF COMPLEMENTARY INTERNET SERVICES

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method, comprising:
discovering a plurality of computer-implemented services that are complementary to an offered computer-implemented service;
selecting a computer-implemented service from the plurality of computer-implemented services as a candidate for integration with the offered computer-implemented service;
automatically generating a new computer-implemented service by integrating the candidate computer-implemented service with the offered computer-implemented service; and
including the new computer-implemented service in a service catalog, wherein
the new computer-implemented service comprises computer program code.

US Pat. No. 10,171,596

AUTOMATIC SERVER CLUSTER DISCOVERY

BMC Software, Inc., Hous...

1. A method operating in a distributed computing system, the distributed computing system including a plurality of nodes, the method comprising:
generating, by a first visibility agent servicing a source node of a first tier of nodes of the plurality of nodes, a service identifier for a transaction, the transaction requesting a service hosted by a second tier of nodes of the plurality of nodes, the service identifier being based on a logical identifier for the second tier;
including, by the first visibility agent, the service identifier in transaction information for the transaction;
sending the transaction, including the transaction information, from the source node to the service hosted by the second tier;
at a second visibility agent servicing a destination node in the second tier:
obtaining the service identifier from the transaction information, and
reporting the service identifier with an identifier for the destination node to a visibility server as cluster information; and
at the visibility server:
receiving cluster information from a plurality of destination nodes, and
assigning each of the plurality of destination nodes to a cluster based on the service identifier in the cluster information.

US Pat. No. 10,171,595

METHOD, APPARATUS, AND SOFTWARE FOR IDENTIFYING A SET OF OPTIONS FOR THE PROVISION OF A SERVICE

International Business Ma...

1. A method for identifying a set of options for provision of a service between a Web service provider computer system and a Web service requestor computer, the method comprising:
providing a set of options for the provision of a service by service provision logic;
assigning, by an encoder of the Web service provider computer system, an option identifier to each option in the set of options for the provision of the Web service, by computationally transforming a name of an assertion in each option into a corresponding value;
in response to a request received from the Web service requestor computer relating to the Web service, identifying by an alternative code checker of the Web service provider computer system, an option identifier in the request and also determining, by the alternative code checker of the Web service provider computer system, whether the received identified option identifier corresponds to one of the option identifiers assigned to the set of options; and
upon determining that the received option identifier corresponds to one of the option identifiers assigned to the set of options, identifying, by the alternative code checker of the Web service provider computer system, the received request with the corresponding option for use when provisioning the Web service in response to the received request by the Web service provision logic of the Web service provider computer system, and directing the Web service provision logic of the Web service provider to provision the Web service with the corresponding option,
wherein each option of the set of options comprises a set of elements identifying one or more security options, quality of service options, and transport protocol options each having an element identifier, and wherein each option identifier for a given option is derived from a combination of the corresponding element identifiers for the option.

US Pat. No. 10,171,594

SERVICE-ORIENTED ARCHITECTURE

McAfee, LLC, Santa Clara...

1. One or more non-transitory computer-readable storage mediums having stored thereon executable instructions for providing a data exchange layer (DXL) broker, the executable instructions operable to instruct a processor to:
provide a DXL bus controller configured to provide a DXL fabric, wherein the DXL fabric is configured to provide a request-response framework on a publish-subscribe fabric;
communicatively couple to an enterprise service bus via the DXL bus controller;
receive a service registration message on the enterprise service bus;
determine that the service registration message is for an unregistered service;
create a new service registry record for the service; and
create an instance of the service in the service registry record.

US Pat. No. 10,171,592

TECHNIQUES FOR MULTI-LEVEL SERVICE DISCOVERY

INTEL CORPORATION, Santa...

1. An apparatus comprising:
memory storing instructions:
a processor circuit for a first wireless device and coupled with the memory, the processor circuit operable to execute the instructions, that when executed, cause the processor circuit to:
generate a bit map to indicate a type of service wirelessly advertised by the first wireless device to one or more other wireless devices;
transmit the bit map to the one or more other wireless devices;
encode service information for a service using at least one encoding technique to include public encoding, private encoding, and plain text encoding to generate a service identification for the service associated with the advertised type of service, the service identification comprised in a data packet, the data packet including:
the encoded service information;
a first bit of one or more bits to indicate whether the service information is encoded with the public encoding technique, the service information encoded with the public encoding technique comprised in a first field of the data packet corresponding with the first bit;
a second bit of the one or more bits to indicate whether the service information is encoded with the private encoding technique, the service information encoded with the private encoding techniques comprised in a second field of the data packet corresponding with the second bit; and
a third bit of the one or more bits to indicate whether the service information is encoded with the plain text encoding technique, the service information encoded with the plain text encoding technique comprised in a third field of the data packet corresponding with the third bit;
transmit the data packet to at least one of the one or more other wireless devices;
generate service content information having additional service information about the service; and
transmit the service content information to at least one of the one or more other wireless devices.

US Pat. No. 10,171,591

CONNECTING PUBLIC CLOUD WITH PRIVATE NETWORK RESOURCES

Microsoft Technology Lice...

1. A method for provisioning a connection between a public cloud and an on-premises resource in a private network, the method comprising:
determining that an application running in the public cloud is to access an on-premises resource of the private network;
based at least on the determining that the application running in the public cloud is to access an on-premises resource of the private network, automatically generating a one-time password (OTP);
generating a hyperlink pointing to a network address of the on-premises resource that includes at least the OTP as a query parameter;
based at least on the hyperlink being selected from within the private network, automatically performing the following:
identifying a bridging infrastructure that provides access to the on-premises resource;
causing a configuration package to be downloaded within the private network, wherein the downloaded configuration package uses the OTP from the query parameter of the hyperlink to acquire resource-specific credentials;
causing a hybrid connection manager on the private network to use the resource-specific credentials to provide connectivity between the on-premises resource on the private network and the bridging infrastructure.

US Pat. No. 10,171,590

ACCESSING ENTERPRISE COMMUNICATION SYSTEMS FROM EXTERNAL NETWORKS

CA, Inc., New York, NY (...

1. A computer program product for enabling access to an end service in a private communication system from a cloud-based requestor in a public network, comprising: a non-transitory computer readable storage medium storing computer readable program code which when executed by a processor of an electronic device causes the processor to perform operations comprising:
establishing a secure bridge connection between a connector service located outside the private communication system and a tenant application in the private communication system, the secure bridge connection extending between the private communication system and the public network to provide secure communications between the connector service located outside the private communication system and the tenant application within the private communication system to enable access to enterprise services operating within the private communication system from requestors located outside the private communication system wherein the secure bridge connection comprises a secure outbound pipe, accessible with first session credentials, that handles all outbound connections and data flow for carrying requests from the connector service to the tenant application and a separate secure inbound pipe, accessible with second session credentials that handles all inbound connections and data flow for carrying responses from the tenant application to the connector service, wherein the secure inbound pipe and the secure outbound pipe are established with separate session credentials;
receiving a request at the connector service from the cloud-based requestor to use services of the end service, the request including information from the cloud-based requestor addressed to the end service;
creating a virtual communication circuit by associating a cloud side work socket with a unique cloud-side network object identifier (NOID-C) attribute that uniquely identifies the cloud-based requestor, a default network object identifier (NOID-Default) attribute associated with the private communications system, and an end service identifier (ESID) attribute that uniquely identifies an instance of the end service in the private communication system;
storing a virtual communication circuit identifier associated with the work socket, the virtual circuit identifier including the ESID, the NOID-default, and the attributes, after creating the virtual communication circuit; and
transmitting the information addressed to the end service along with the NOID-C and ESID attributes to the tenant application in the private communication system.

US Pat. No. 10,171,589

REDUCING INTERFERENCE FROM MANAGEMENT AND SUPPORT APPLICATIONS TO FUNCTIONAL APPLICATIONS

International Business Ma...

1. A method for regulating information flow between monitoring agents and a management server in a network, the method comprising the steps of:
inserting an interface in the network to access stream based communications in the network;
exporting control and data ports to each of the monitoring agents;
receiving requests from one or more of the monitoring agents to establish sessions;
limiting a number of the sessions to open by limiting the connections on the data ports without restricting connections on the control ports, whereby a connection pool is provisioned containing less than a number of connections needed for all of the monitoring agents to communicate with the management server, and wherein the connection pool is shared among the monitoring agents; and
dynamically modifying a limit on the number of sessions to open based on changes in network traffic by reducing the limit after a given time threshold passes with none of the monitoring agents waiting to send management information to the management server.

US Pat. No. 10,171,588

WEB OPERATION PLAYBACK

International Business Ma...

1. A method for playing back a web operation including at least one input selected from a group of inputs consisting of a document object model (DOM) node event, a web request, and a web response, the method comprising:
in response to execution of the web operation, identifying an act input from the group of inputs of the web operation, wherein the act input includes the DOM node event or the web response;
recording web response contents and feature information associated with the act input identified, wherein the feature information includes a temporal sequence feature of the act input and a self-constraint feature of the act input by:
generating a data structure comprising a plurality of temporal sequence features by adding a timestamp to each act input identified among web operations, wherein each entry of the temporal sequence feature in the plurality of temporal sequence features of the act input includes an occurrence sequence of the act input, an action, a prerequisite indicating a prior action upon which the action depends, a prerequisite delay expressed in units of time and timeout of each act input that is a time displacement expressed in units of time determined as a difference between the timestamp of a current act input and a timestamp of a previous respective act input on which the current act input depends;
sorting the plurality of temporal sequence features into a predetermined sequence according to respective timestamps;
responsive to the act input being the DOM node event, recording the self-constraint feature of this act input identifying a DOM node on which the DOM node event depends, and a timeout of the DOM node event; and
responsive to the act input being the web response, recording the self-constraint feature of this act input identifying a correspondence between the web response and a web request that triggers the web response, and a timeout of the web response; and
playing back, in the predetermined sequence, the web operation recorded using the feature information and the web response contents recorded by:
determining for a respective entry in an occurrence sequence of act inputs whether a respective self-constraint feature of the act input that identifies the occurrence sequence of act inputs, the action, the prerequisite identifying the prior action upon which the action depends, and the prerequisite delay expressed in units of time is satisfied, wherein the respective self-constraint feature of the act input is satisfied when an elapsed time since occurrence of the prior action meets or exceeds the prerequisite delay;
responsive to determining that the respective self-constraint feature is satisfied, determining whether the timeout expressed in units of time since a previous respective act input on which the current act input depends is satisfied, wherein the timeout since the previous respective act input is satisfied when a second elapsed time since occurrence of the previous respective act input meets or exceeds the timeout; and
responsive to determining that the timeout expressed in units of time since the previous respective act input on which the current act input depends is satisfied, triggering the web operation that was recorded.

US Pat. No. 10,171,587

MASTER DEVICE, SLAVE DEVICE, INFORMATION PROCESSING DEVICE, EVENT LOG COLLECTING SYSTEM, CONTROL METHOD OF MASTER DEVICE, CONTROL METHOD OF SLAVE DEVICE AND CONTROL PROGRAM

OMRON Corporation, Kyoto...

1. A master device, adapted to communicate with at least one slave device for recording generation of a specified event, and the master device comprising:
a moment acquiring element, acquiring a moment;
a moment adjustment instructing element, making the slave device to synchronize a moment counted by the slave device and the moment acquired by the moment acquiring element by sending a moment information corresponding to the moment acquired by the moment acquiring element; and
a log receiving element, receiving a first event log from the slave device, wherein the first event log is an information formed by associating a generation moment of the event with an information for determining the event.

US Pat. No. 10,171,586

PHYSICAL ENVIRONMENT PROFILING THROUGH INTERNET OF THINGS INTEGRATION PLATFORM

NEURA, INC., Sunnyvale, ...

1. A method of profiling a physical environment via Internet of Things (IoT) devices connected via an IoT integration platform, comprising:
generating a node graph including an entity profile and a user profile, the entity profile being associated with any of a plurality of network-capable devices from which a presence of an entity is detected in a physical environment, the user profile being associated with a subset of the node graph within a certain distance of the user profile;
predicting a semantic label of the entity profile within the certain distance from the user profile based on semantic analysis of the presence of the entity in relation to the user profile; and
updating the entity profile and the node graph with the predicted semantic label.

US Pat. No. 10,171,585

METHOD, SYSTEM, AND COMPUTER PROGRAM PRODUCT FOR DISTRIBUTED STORAGE OF DATA IN A HETEROGENEOUS CLOUD

INTERNATIONAL BUSINESS MA...

1. A method, comprising:
associating, in a computational device, a plurality of identifiers with a plurality of data elements, wherein a first data element and a second data element of the plurality of data elements are both associated with a first identifier of the plurality of identifiers;
storing, by the computational device, the first data element with which the first identifier is associated, in a first cloud storage maintained by a first entity; and
storing, by the computational device, the second data element with which the first identifier is associated, in a second cloud storage maintained by a second entity, wherein the first cloud storage is different from the second cloud storage, and wherein data elements that are associated with an identical identifier are stored in cloud storages provided by different entities, wherein a user identifier and a corresponding password are associated with the identical identifier to indicate that the user identifier and the corresponding password are keys to a secure system, and wherein the user identifier is stored in the first cloud storage maintained by the first entity, and one part of the corresponding password is stored in the second cloud storage maintained by the second entity, and another part of the corresponding password is stored in a third cloud storage maintained by a third entity.

US Pat. No. 10,171,584

SYSTEMS, METHODS, AND DEVICES FOR PROVIDING PROCESS CODE TO REMOTE DEVICES

MARTELLO TECHNOLOGIES COR...

1. A system for providing executable code to a remote data processing device, the system comprising:
a remote data processing device storing process code and configured to receive input data from a data source of a production environment, the remote data processing device further configured to execute the process code with the input data to generate processed data in the production environment; and
a terminal connected to the remote data processing device via a network, the terminal configured to obtain the process code executing at the remote data processing device, the terminal further configured to provide a development environment to allow creation of process code and modification of the process code obtained from the remote data processing device to generate new process code, the terminal further configured to transmit the new process code over the network to the remote data processing device for execution by the remote data processing device;
the terminal configured to receive the input data from the data source of the production environment and to execute the new process code on the input data to generate processed data at the development environment, wherein the terminal is further configured to selectably route the processed data generated at the development environment to the remote data processing device for output by the remote data processing device as if generated by the remote data processing device and wherein the terminal is further configured to control selective suppression of output of processed data generated by the remote data processing device.

US Pat. No. 10,171,583

DISTRIBUTED GLOBAL DATA VAULTING MECHANISM FOR GRID BASED STORAGE

International Business Ma...

1. A computer program product for distributed global data vaulting in a grid of server computers, the computer program product comprising a computer readable storage medium having computer readable program code embodied therein that executes to perform operations, the operations comprising:
at one of the server computers of the grid of server computers,
assigning a plurality of vault devices for each data element of a plurality of data elements based on a resiliency level,
wherein, for a first priority, each of the plurality of vault devices assigned to a data element is at a different server computer of the grid of server computers; and
wherein, for a second priority, in response to determining that there are not enough vault devices to assign each of the plurality of vault devices at a different server computer, at least two of the plurality of vault devices is a different vault device of a same server computer of the grid of server computers; and
creating a vault distribution table that identifies the plurality of vault devices for each data element; and
at each of the server computers of the grid of server computers,
determining that there is a system shutdown; and
for each data element at that server computer,
retrieving a list of one or more vault devices at other server computers from the vault distribution table; and
dumping the data element to the one or more vault devices at the other server computers.

US Pat. No. 10,171,582

METHOD AND APPARATUS FOR CLIENT TO CONTENT APPLIANCE (CA) SYNCHRONIZATION

Barracuda Networks, Inc.,...

1. A system to support file synchronization and sharing with cloud storage, comprising:
a client agent running on a local host configured to
discover and connect to a content appliance (CA) by first requesting an Internet Protocol (IP) address of the CA from the cloud storage,
wherein the CA is a storage device/host configured to locally maintain files previously downloaded from the cloud storage,
wherein the IP address of the CA is either an internal IP address if the CA is located within the same internal network as the local host of the client agent behind a firewall or a public IP address accessible by the client agent over a network;
request and receive a file not stored on the local host from the CA instead of requesting and downloading the file directly from the cloud storage;
provide the file that has been revised or updated locally to the CA, wherein changes made to the file are considered as to have been fully committed by the client agent;
said content appliance (CA) configured to:
serve multiple client agents running on different local hosts by establishing separate secured connections with the multiple client agents, wherein the multiple client agents comprise the client agent, and
request and download the file from the cloud storage or another CA or another client agent of the multiple client agents if the CA does not have the file locally; and
synchronize the changes made to the file to the cloud storage, wherein the cloud storage centrally maintains only one authoritative and most up-to-date copy of the file, which is be accessed and synchronized with the file's local copies by the client agent and the CA over a communication network.

US Pat. No. 10,171,581

BLENDED OPERATIONAL TRANSFORMATION FOR MULTI-USER COLLABORATIVE APPLICATIONS

LIVELOOP, INC., Wilmingt...

1. A method for propagating document changes made to a document by a plurality of users that are editing the document concurrently, the method comprising:
determining that a first document change comprise a change that is supported by an existing operational transformation of an operational transformation system and:
propagating the first document change to a base version of the document using the existing operational transformation; and
updating the base version of the document with the first document change;
determining that a second document change comprises an opaque change, an opaque change existing when the operational transformation system detects a change has been made to an object in the document but is unable to determine the actual change to the object, and:
converting the second document change to an opaque operation including a binary large object representation of the change and metadata containing instructions to implement the change;
propagating the opaque operation to the base version of the document;
placing the base version of the document into an opaque operation locked out state;
updating the base version of the document with the converted second document change while in the opaque operation locked out state; and
releasing the opaque operation locked out state on the base version of the document when the base version of the document is updated with the opaque operation; and
determining that a third document change comprises a change unsupported by the operational transformation system, a change unsupported by the operational transformation system existing when the change is completely undetected by the operational transformation system or when the change does not expose its content or location to the operational transformation system, and:
converting the third document change to binary-sync operation including a binary large object representation of the entire document including only the third document change and metadata containing instructions to implement the change;
propagating the binary sync operation to the base version of the document;
placing the base version of the document into a binary-sync locked out state;
updating the base version of the document with the binary-sync operation while the base version of the document is in the binary-sync locked out state; and
releasing the binary-sync operation locked out state on the base version of the document when the base version of the document is updated with the binary-sync operation.

US Pat. No. 10,171,580

GRANULAR INSTANT IMPORT OF REPLICATED VTL CARTRIDGE INTO A BACKUP CATALOG

INTERNATIONAL BUSINESS MA...

1. A method for cataloging replicated data in a backup storage environment, by a processor device, comprising:
in a storage system using tape library data replication between an originating site and a backup site, replicating catalog data between the originating site and the backup site such that replicated data moved from the originating site to the backup site is placed into a catalog duplicative of the originating site to efficiently import, at the backup site, the replicated data transferred from the originating site; wherein upon completion of initially replicating a volume of a cartridge from the originating site to the backup site such that the volume nor any data thereof has been previously replicated from the originating site to the backup site, the replicated data therein the replicated volume is automatically, and without user intervention, imported into the duplicative catalog of the backup site when the cartridge is moved to an import/export (I/E) slot of the tape library of the backup site in lieu of manually importing the catalog data to the backup site by an administrator, thereby mitigating time spent performing the replication and importation during a disaster recovery (DR) scenario; and
synchronizing appending catalog data by performing each of:
backing up the volume of the cartridge at the originating site;
prior to commencing replication for the replicated data of the volume from the originating site to the backup site, ejecting a copy of the cartridge through a backup application at the backup site; wherein the ejection includes moving the cartridge to the I/E slot of the tape library at the backup site;
responsive to detecting the cartridge is in the I/E slot, automatically shelving the cartridge in the backup application at the backup site;
commencing the replication for the replicated data of the replicated volume from the originating site to the backup site;
subsequent to completing the replication, moving the cartridge back to the I/E slot at the backup site, wherein, upon moving the cartridge back to the I/E slot, the replicated volume is automatically imported into the duplicative catalog of the backup site.

US Pat. No. 10,171,579

MANAGING PRESENCE AMONG DEVICES ACCESSING SHARED AND SYNCHRONIZED CONTENT

Dropbox, Inc., San Franc...

1. A method comprising:
receiving, by a content management system from a presence application on a device associated with a user account, presence information describing user interactions with a user interface element associated with a native process of a native application different from and monitored by the presence application, the native process accessing a content item stored on the device and synchronized with the content management system, the presence application configured to simultaneously monitor user interface elements each associated with a different native application of a plurality of native applications, the presence application and the native application both stored at and executed by the device;
updating a set of presence records corresponding to the content item synchronized with the content management system based on the received presence information, each presence record identifying a presence status and an identifier of a monitored user interface element on the device interacting with the content item synchronized with the content management system;
determining a set of devices synchronizing the content item, wherein each device in the set of devices maintains a local copy of the content item and synchronizes the local copy with the content item stored at the content management system;
determining that the native application of the device associated with the user account opened the content item synchronized with the content management system based on the set of presence records corresponding to the content item; and
notifying the set of devices synchronizing the content item that the native application of the device associated with the user account opened the content item.

US Pat. No. 10,171,578

TAPERED COAX LAUNCH STRUCTURE FOR A NEAR FIELD COMMUNICATION SYSTEM

TEXAS INSTRUMENTS INCORPO...

1. A system comprising:
a module comprising: a substrate on which a radio frequency (RF) transmitter is mounted, the RF transmitter having an output terminal; a housing having a port region at a surface of the housing; and a tapered transmission line with a conductive element, the conductive element having a first end coupled to the output terminal of the RF transmitter and a second end that terminates at the port region, wherein a characteristic impedance of the tapered transmission line increases along a length of the tapered transmission line from the first end to the second end, and the tapered transmission line has an outside surface separated from the conductive element by a dielectric, in which the dielectric is air.

US Pat. No. 10,171,577

LOCAL AREA NETWORKING SYSTEM

WIFIFACE LLC, Toledo, OH...

1. A local area networking method, the method comprising the steps of:
providing a system server in communication with a first mobile device over a wide area network and having a processor coupled to a memory, the memory having processor-executable instructions and at least one database embodied thereon, the at least one database including a listing of unique identifiers associated with mobile devices and a local area server registered with the system server, and a listing of user profiles associated with the mobile devices registered with the system server;
correlating, by the system server, the unique identifiers associated with the mobile devices registered with the system server and the unique identifier associated with the local area server to define an electronic communication or collaboration forum of a local area network, wherein the unique identifiers of the mobile devices registered with the system server are a combination of GPS and either MAC or IP, and the unique identifiers associated with the local area server are BSSID or SSID; and
generating, by the system server on a graphical user interface of the first mobile device, a visual representation of the electronic communication or collaboration forum of the local area network including the mobile devices within the local area network and registered with the system server, the visual representation including a name of the local area network,
at least a portion of the user profiles of the mobile devices within the local area network that are registered with the system server and sharing content,
a notifications control providing at least one of friend requests, application requests and messages to the first mobile device from the mobile devices within the local area network, and
a refresh control configured to allow the first mobile device to force an update of the visual representation, and
wherein at least a portion of the visual representation is shared by all of the registered mobile devices in the local area network,
wherein the first mobile device is permitted to communicate or collaborate with the mobile devices registered with the system server and within the local area network via the graphical user interface,
wherein the first mobile device is permitted to subscribe to a physical location associated with the local area network while in the local area network, and to one of view, communicate to a user, share, and identify an activity of the mobile devices within the local area network and registered with the system server from remote locations by interacting with the visual representation of the electronic communication or collaboration forum of the local area network via the wide area network, and
wherein the system server permits an individual to provide at least one of advertisements, feature offers, discounts, promotions, and items for sale on the visual representation of the local area network.

US Pat. No. 10,171,576

METHOD, APPARATUS, AND SYSTEM FOR INTERACTION BETWEEN TERMINALS

TENCENT TECHNOLOGY (SHENZ...

1. A method for interaction between terminals, comprising:
acquiring, by a first terminal, to-be-sent data;
sending, by the first terminal, the to-be-sent data to a second terminal;
displaying, by the first terminal, a display interface;
monitoring whether first operation information from the second terminal is received, the first operation information comprising a processing operation performed by a first user of the second terminal on the to-be-sent data;
updating, by the first terminal, the display interface according to the first operation information, once the first operation information sent by the second terminal is received; and
monitoring, in real time, an operation performed by a second user on the display interface of the first terminal and sending second operation information to the second terminal, wherein the second operation information comprises the operation performed by the second user on the display interface of the first terminal,
wherein:
each of the first terminal and the second terminal comprises a sound sensor for sensing a sound frequency and converting the sound frequency into an electrical signal,
the first operation information and the second operation information are respectively obtained by the sound sensors in the second terminal and the first terminal,
the display interface of the first terminal is updated according to an electrical level of the electrical signal contained in the first operation information from the second terminal,
a low frequency filter is applied to the electrical signal in the first operation information to obtain a filtered signal, the first operation information being sent to the first terminal based on the filtered signal, and
updating the display interface according to the first operation information comprises:
when the electrical level of the electrical signal indicates a first sound frequency, updating a first number of virtual objects on the display interface; and
when the electrical level of the electrical signal indicates a second sound frequency, updating a second number of virtual objects on the display interface.

US Pat. No. 10,171,574

COMPUTER SYSTEM, PROCESSING METHOD, AND COMPUTER-READABLE RECORDING MEDIUM HAVING JOB PROCESSING PROGRAM

FUJITSU LIMITED, Kawasak...

1. A computer system, which has a plurality of computation nodes and performs an arithmetic processing with respect to a job, the computer system comprising:
a reference point determining unit that, when the number of pieces of job attribute information is larger than the number of partial networks constituting a network that connects the plurality of computation nodes, allocates a reference point to the partial network, and that, when the number of the pieces of job attribute information is equal to or smaller than the number of partial networks, arranges a plurality of networks to groups as many as the number of the pieces of job attribute information and allocates a common reference point to each of the groups; and
a node set searching unit that searches for a computation node set that is a set of computation nodes satisfying a predetermined condition related to a remote degree that is an estimate index of a communication time from a node allocation reference point in node coordinate spaces and including the computation node that runs no job, based on running job position information that manages a position of a running job allocated to the node coordinate spaces,
the running job position information includes an entry corresponding to a maximum value and a minimum value of a node coordinates of each dimension of the node coordinate spaces, the entry having a pointer of the entry of a management information that manages a running job.

US Pat. No. 10,171,573

SWAPPING NON-VIRTUALIZING AND SELF-VIRTUALIZING DEVICES

International Business Ma...

13. A system for managing cloud computing resources, the system comprising:
a consumer device configured to access a cloud computing environment;
a computer, included in the cloud computing environment, wherein the computer comprises a virtualization instance (VI), a first computing device comprising a non-virtualizing type device, and a second computing device comprising a self-virtualizing type device, wherein the VI is configured to use a first virtual device to provide cloud computing services to the consumer device, and wherein the first virtual device comprises a virtual form of the first computing device; and
a QoS manager communicatively coupled to the computer, wherein the QoS manager comprises at least one processor configured to:
receive first Quality of Service (QoS) metrics associated with the VI providing the cloud computing services to the consumer device;
determine, in response to receiving the QoS metrics, and based at least in part on a first comparison of the QoS metrics with VI QoS objectives, that the VI is unable to meet the VI QoS objectives using the first virtual device;
determine, based on the first virtual device comprising the virtual form of the non-virtualizing computing device that a first substitute virtual device, comprising a virtual form of the self-virtualizing computing device, is available to substitute for the first virtual device and that the VI is able to meet the VI QoS objectives using the first substitute virtual device; and
cause, based at least in part on the VI able to meet the VI QoS objectives using the first substitute virtual device, the computer to configure the VI to use the first substitute virtual device in place of the first virtual device.

US Pat. No. 10,171,572

SERVER POOL MANAGEMENT

International Business Ma...

1. A computer-implemented method of managing a system comprising a pool of servers including a number of active servers, the method comprising:
monitoring, by one or more processors, utilization of system capacity, the utilization resulting from a workload of the number of active servers; and
detecting a critical utilization of the system, the detecting comprising:
predicting, by the one or more processors, a duration of the detected critical utilization of the system capacity from a monitoring history of the utilization of the system capacity, wherein the predicted duration comprises a first period of time; and
determining, by the one or more processors, based on the predicted duration, if the predicted duration exceeds a defined threshold, wherein the defined threshold comprises a second period of time, wherein by exceeding the defined threshold, the monitored system capacity utilization would deviate from the monitoring history at a relevant point in time by more time than the second period of time, and wherein by exceeding the defined threshold, the one or more processors determine that increased system overhead is required to handle the detected critical utilization for the predicted duration;
based on the predicted duration exceeding the defined threshold, increasing the number of active servers to handle the detected critical utilization for the predicted duration; and
based on the predicted duration not exceeding the defined threshold, invoking an adjustment of throughput performance of the active servers to handle the detected critical utilization for the predicted duration.

US Pat. No. 10,171,571

DETERMINING AND ASSIGNING A DEFAULT VALUE TO A CURRENT SERVER RESPONSE IF THE CURRENT SERVER RESPONSE IS NOT RECEIVED FROM THE SERVER WITHIN A TIME-LIMIT

International Business Ma...

1. A non-transitory computer usable medium having a computer program executed by a data processing system to communicate with a server and to perform operations, the operations comprising:
receiving a current submission of a request;
transmitting an indication of the request to the server for receiving a current server response to the current submission of the request;
assigning a default value to the current server response for the request if the current server response is not received from the server within a time limit with respect to the current submission of the request, wherein the default value is assigned to increase responsiveness to the request by avoiding delays beyond the time limit;
logging a set of operations being performed from the assignment of the default value to the current server response;
receiving an actual value of the current server response from the server;
rolling-back the logged operations and resetting the current server response to the actual value if the actual value is different from the default value; and
using the actual value in response to resetting the current server response to the actual value.

US Pat. No. 10,171,569

TRANSMISSION OF DATA TO MULTIPLE COMPUTING DEVICES ACCORDING TO A TRANSMISSION SCHEDULE

Uber Technologies, Inc., ...

1. A network system for managing a network service for a given geographic region comprising:
one or more processors; and
one or more memory resources storing instructions that, when executed by the one or more processors, cause the network system to:
receive, from a first user device of a first user, request data corresponding to a first request for service, the request data including information corresponding to a first location;
in response to receiving the request data, identify a set of two or more candidate providers from a plurality of providers, wherein the number of candidate providers identified in the set of two or more candidate providers is based, at least in part, on acceptance metrics of the plurality of providers, and wherein each acceptance metric is indicative of a corresponding service provider's historical record in accepting invitations to fulfill requests for service;
determine a message transmission schedule specifying when to transmit each of a set of invitation messages to a set of two or more provider devices associated with the set of two or more candidate providers, each of the set of invitation messages corresponding to an invitation to fulfill the first request for service and including information corresponding to the first location; and
transmit the set of invitation messages to the set of two or more provider devices in accordance with the message transmission schedule.

US Pat. No. 10,171,568

SELECTING SYSTEM, COMMUNICATION MANAGEMENT SYSTEM, COMMUNICATION SYSTEM, COMPUTER PROGRAM, AND METHOD OF SELECTION

RICOH COMPANY, LIMITED, ...

1. A selecting system that, when a plurality of controllers that control a session between communication terminals are provided, selects a controller to be connected to a requesting communication terminal out of the plurality of controllers, the selecting system comprising:
a state management memory that stores, for each controller of the plurality of controllers, state information indicating, for each communication terminal connected to the controller, a state of communication of the communication terminal;
a load management memory that stores, for each state of communication, load information indicating a degree of load related to control to be performed in the corresponding state of communication, wherein the load information stored by the load management memory includes first load information corresponding to a first state in which the communication terminal is in communication with another communication terminal and second load information corresponding to a second state in which the communication terminal is not in communication with any other communication terminal, and the degree of load indicated by the first load information is larger than the degree of load indicated by the second load information; and
processing circuitry configured to
accept a connection request from the requesting communication terminal that is not connected;
calculate, for each controller of the plurality of controllers, the degree of load related to the control based on the state of communication of each communication terminal connected to the controller and the load information for each state of communication stored in the load management memory; and
select a specific controller to be connected to the requesting communication terminal, based on the degree of load calculated for each of the plurality of controllers.

US Pat. No. 10,171,567

LOAD BALANCING COMPUTER DEVICE, SYSTEM, AND METHOD

HUAWEI TECHNOLOGIES CO., ...

1. A method for balancing load among devices, applied to a computer system that comprises at least a first computer device and a second computer device, wherein the first computer device comprises a cloud management platform, and the second computer device comprises at least one virtual machine; the method comprising:
obtaining, by the first computer device, configuration information of a load balancer, wherein the configuration information of the load balancer comprises an identifier of the load balancer and a virtual IP address (VIP) of the load balancer;
instructing, by the first computer device, the second computer device to create the load balancer according to the configuration information;
configuring, by the first computer device, a forwarding mode of a service on the second computer device, wherein the service is initiated by the virtual machine, and wherein in the forwarding mode, a service packet of the service is forwarded to the load balancer;
receiving, by the load balancer, the service packet of the service from the virtual machine; and
selecting, by the load balancer, at least one back-end server to execute the service.

US Pat. No. 10,171,566

SERVER-PROCESSOR HYBRID SYSTEM FOR PROCESSING DATA

International Business Ma...

1. A server-processor hybrid system for processing data, comprising:
a set of front-end servers configured to receive the data from an external source;
a set of back-end application optimized processors configured to receive the data from the set of front-end servers, process the data, and return processed data to the set of front-end servers; and
an interface within at least one of the set of front-end servers having a set of network interconnects, the interface connecting the set of front-end servers with the set of back-end application optimized processors, the interface configured to:
communicate the data received from the external source, from the set of front-end servers to the set of back-end application optimized processors by selectively invoking a push model or a pull model, and
communicate the processed data from the back-end application optimized processors to the set of front-end servers by selectively invoking the push model or the pull model,
wherein the push model is selectively invoked when the data to be transmitted has a predefined size, and
wherein the pull model is selectively invoked when the data to be transmitted does not have a predefined size.

US Pat. No. 10,171,565

APPLICATION MONITORING FOR CLOUD-BASED ARCHITECTURES

BMC Software, Inc., Hous...

1. A computer-implemented method comprising:
for a first application of a plurality of applications hosted on a cloud network, receiving, at a monitoring station, a plurality of data streams that include real-time operational data of a plurality of application instances of the first application hosted on the cloud network, each application instance being hosted on a corresponding node from a plurality of nodes in the cloud network, the operational data including operational data sent and received by each of the nodes hosting the application instances in the cloud network, wherein each of the nodes hosting the application instances includes a server instance in the cloud network;
deploying a meter on the server instance;
capturing, via the meter, the data streams that include the operational data of the application instances;
processing the plurality of data streams corresponding to the plurality of application instances to generate real-time performance data for the first application hosted on the cloud network, the real-time performance data including one or more performance metrics describing the performance of the application instances hosted in the cloud network;
generating, based on the real-time performance data for the application instances, statistics for data flows between components of the first application;
generating comparative statistics on the performance of the first application relative to the performance of the plurality of applications hosted on the cloud network; and
reallocating, based on the comparative statistics, resources on the cloud network for the performance of the first application.

US Pat. No. 10,171,563

SYSTEMS AND METHODS FOR AN INTELLIGENT DISTRIBUTED WORKING MEMORY

MICROSOFT TECHNOLOGY LICE...

1. A system for intelligent memory sharing and contextual retrieval across multiple devices and multiple applications of a user, the system comprising:
at least one processor; and
a memory for storing and encoding computer executable instructions that, when executed by the at least one processor is operative to:
maintain a shared working memory of the user for temporary storage of information until an occurrence of a condition;
collect data from working memories from at least one device of a plurality of devices associated with the user;
store the data on the shared working memory;
analyze the data utilizing world knowledge to determine elements listed within the data, wherein the world knowledge includes network accessible information;
enrich the elements by adding at least one of a tag or an additional element to the elements utilizing the world knowledge to form enriched elements;
collect relationships between the enriched elements;
determine a user context;
analyze the relationships based on the user context;
determine a response based on the analysis of the relationships and the world knowledge;
send the response to a plurality of active devices of the user and store the response in the shared working memory; and
in response to the occurrence of the condition, delete content stored on the shared working memory.

US Pat. No. 10,171,562

SOCIAL MEDIA DRIVEN INFORMATION INTERFACE

Microsoft Technology Lice...

1. A computing device comprising:
one or more processing units; and
one or more computer-readable media comprising computer-executable instructions, which, when executed by the one or more processing units, cause the computing device to:
generate, from social media data created by multiple independent and unrelated individuals and directed to multiple distinct and unrelated topics, a first set of time-delineated social media data, comprising only social media data that correspond to a first time range, by applying a time-based filter to the social media data;
subsequently generate, from the generated first set of time-delineated social media data, multiple topic clusters, each topic cluster comprising multiple, different social media entries, each social media entry in a topic cluster having a topic similarity above a topic clustering threshold associated with the topic cluster;
generate multiple event summaries for the first time range based upon at least some of the generated topic clusters, each event summary comprising a combination of only a subset of text or graphics from each of multiple different and distinct social media entries from a corresponding topic cluster;
generate an information interface comprising multiple annotated timeslots, including a first annotated timeslot that comprises at least some of the generated multiple event summaries, the first annotated timeslot being delineated by the first time range; and
transmit the information interface to a second computing device that is separate from the computing device and is communicationally coupled to the computing device through a computer network;
wherein the second computing device visually generates, on a hardware display device communicationally coupled thereto, the information interface, including the first annotated timeslot and the at least some of the generated event summaries.

US Pat. No. 10,171,561

CONSTRUCT DATA MANAGEMENT BETWEEN LOOSELY COUPLED RACKS

International Business Ma...

1. A computer-implemented method comprising:
associating at least a portion of a second rack to a construct;
wherein the associating occurs in response to input received by a first management node of a first rack associated with the construct;
wherein the construct includes a set of distributed resources connected via a network and comprising at least a respective portion of a plurality of respective racks and a set of construct data comprising user data, group data, resource data, and authorization policy data;
wherein each respective rack is independently controlled by a respective management node of a plurality of autonomous management nodes including at least the first management node associated with the first rack and a second management node associated with the second rack;
wherein a respective mutual trust relationship exists between each respective pair of autonomous management nodes of the plurality of autonomous management nodes;
determining, by the second management node, that the second management node contains insufficient construct data to execute an operation associated with the construct; and
synchronizing, in response to the first management node receiving a request from the second management node comprising an authenticated first security token based on a public key of the second management node, at least a portion of the construct data between the first management node and the second management node.

US Pat. No. 10,171,560

MODULAR FRAMEWORK TO INTEGRATE SERVICE MANAGEMENT SYSTEMS AND CLOUD ORCHESTRATORS IN A HYBRID CLOUD ENVIRONMENT

International Business Ma...

1. A modular service management (MSM) engine on a computer system including at least one processor that integrates a plurality of cloud orchestrators and service management (SM) platforms to provide a hybrid cloud environment, comprising:
an interface system that includes a first gateway for providing communications with SM platforms that adhere to an SM protocol and a second gateway for providing communications with the plurality of cloud orchestrators, wherein the SM protocol defines a set of management processes for handling service requests;
a service request processing system that processes service requests from SM platforms using selected cloud orchestrators, processes change management requests, and matches a change management request corresponding to an inputted service request, wherein the service request processing system includes a set of management modules in which each management module processes activities associated with a different one of the management processes, wherein the set of management modules includes a request management module for detecting an inputted service request, parsing the inputted service request and translating the inputted service request, and managing, tracking, and reformatting at least one activity associated with the inputted service request;
a rules and conditions engine that parses the inputted service request against a set of rules and conditions values and determines based upon the parsed inputted service request a primary cloud orchestrator to be used to service the inputted service request and a secondary cloud orchestrator to be used as a backup to the primary cloud orchestrator;
a set of data conversion modules, wherein each data conversion module includes logic that converts data associated with an SM platform to a data format required by one of the primary cloud orchestrator and secondary cloud orchestrator; and
wherein the set of management modules includes a change management module for checking the approval of the change management request, and a task management module for creating a new task in the SM platform.

US Pat. No. 10,171,559

VXLAN SECURITY IMPLEMENTED USING VXLAN MEMBERSHIP INFORMATION AT VTEPS

Cisco Technology, Inc., ...

1. A method comprising:
at a network device configured as a Virtual Extensible Local Area Network (VxLAN) Tunnel Endpoint (VTEP):
storing VTEP membership information that associates VxLANs each with a corresponding set of VTEPs authorized to originate VxLAN packets on that VxLAN, the VTEP membership information including a VxLAN identifier (VNI) of each VxLAN and an Internet Protocol (IP) address representing a respective source IP address of each VTEP in the corresponding set of VTEPs corresponding to that VNI and that are authorized to originate VxLAN packets;
receiving from a communication network a VxLAN packet that includes an original Ethernet frame encapsulated in a VxLAN encapsulation, the VxLAN encapsulation including a VNI that identifies a VxLAN associated with the VxLAN packet, an outer User Datagram Protocol (UDP) header, an outer IP header including a source IP address of an originating VTEP and a destination IP address, and an optional outer IEEE 802.1Q field;
comparing the source IP address of the originating VTEP to the IP addresses of the set of VTEPs associated with the VNI of the VxLAN in the VTEP membership information that matches the VNI of the VxLAN identified by the VxLAN encapsulation of the received VxLAN packet;
if the comparing indicates that the source IP address of the originating VTEP is not included in the IP addresses of the set of VTEPs authorized to originate VxLAN packets, discarding the received VxLAN packet and blocking flooding of network frames to local endpoint systems on a local area network connected to the VTEP, wherein the discarding results in discarding the VxLAN packet when the VxLAN packet is a malicious VxLAN packet in which the IP source address and the VNI do not match the IP addresses and the corresponding VNIs of the membership information, respectively; and
if the comparing indicates that the source IP address of the originating VTEP is included in the IP addresses of the set of VTEPs authorized to originate VxLAN packets, decapsulating the VxLAN packet to recover the original Ethernet frame, and forwarding the recovered original Ethernet frame to a destination Media Access Control (MAC) address specified therein.

US Pat. No. 10,171,558

CROSS DEVICE APPLICATION DISCOVERY AND CONTROL

Microsoft Technology Lice...

1. A system comprising:
a processor;
a memory;
one or more applications stored in the memory and executed, at least in part, by the processor; and
a cross device remote control module, stored in the memory, wherein the cross device remote control module is configured to discover remote applications on one or more target devices, and comprises:
a cross device application model client configured to:
connect to the one or more target devices via a network;
determine a level of trust between a device associated with the cross device remote control module and the one or more target devices is above a pre-determined trust level;
send, to the one or more target devices via the network, an application discovery query comprising a request for capability data corresponding to at least one of device information or application information on the one or more target devices; and
receive, from the one or more target devices via the network, one or more application discovery responses comprising an indication of a capability of the one or more target devices regarding the at least one of the device information or the application information; and
a remote application discovery client configured to:
process the one or more application discovery responses to determine the capability of each of the one or more target devices;
select a target device of the one or more target devices based at least in part on a determination of the capability of the target device; and
send a signal to the target device to perform a particular task.

US Pat. No. 10,171,557

METHOD AND DEVICE FOR PROCESSING MEDIA STREAMS BETWEEN A PLURALITY OF MEDIA TERMINALS AND A PROCESSING UNIT ALL CONNECTED TO ONE ANOTHER OVER A COMMUNICATION NETWORK

ALCATEL LUCENT, Boulogne...

1. A method for processing media streams between a plurality of media terminals and a processing unit over a communication network, the method comprising, by the processing unit:
receiving, from each of the media terminals, corresponding media streams comprising video transmission and audio transmissions;
monitoring sound activity of each of the media terminals from the audio transmissions;
selecting the N loudest participants based on the monitored sound activity, wherein the selected participants are identified as active participants and non-selected participants are identified as non-active participants;
pausing audio transmissions while permitting video transmissions from the non-active participants by transmitting a first pause signal to the non-active participants to pause the audio transmissions from the non-active participants;
receiving a request from a moderator terminal to permit a selected non-active participant terminal to resume audio transmissions in addition to the video transmissions;
in response to the request, transmitting a resume signal to the selected non-active participant terminal and transmitting a second pause signal to one or more active participants to pause both audio and video transmissions,
wherein the resume signal, first pause signal, and second pause signal are in the form of and RTP/RTCP real-time communication protocol.

US Pat. No. 10,171,554

DISTRIBUTING SUBSCRIBER DATA IN A MOBILE DATA NETWORK

International Business Ma...

1. A mobile data network comprising:
an antenna that communicates with user equipment;
at least one basestation coupled to the antenna that communicates with the user equipment via the antenna;
a plurality of data chunks residing in the mobile data network, each data chunk comprising:
a device address that makes the data chunk addressable as a physical device in the mobile data network;
a data portion corresponding to subscriber data for a subscriber;
a network component coupled to the basestation, the network component comprising a subscriber database that includes information relating to physical devices used by the subscriber to access the mobile data network, wherein the information relating to physical devices used by the subscriber comprises the device address of the data chunk;
a subscriber data mechanism residing in a component in the mobile data network that performs the steps of:
identifying a plurality of data chunks corresponding to a selected subscriber in the mobile data network that comprise subscriber data to be distributed;
identifying a plurality of devices in the mobile data network that each can receive at least one of the data chunks, wherein the identified plurality of devices comprises a plurality of mobile devices used by different subscribers of the mobile data network;
distributing the plurality of data chunks to the plurality of devices;
writing location of the plurality of data chunks to a tracking table in the mobile data network; and
writing the location of the plurality of data chunks to each of the plurality of devices.

US Pat. No. 10,171,553

METHOD FOR MONITORING AND CONTROLLING AN ACCESS CONTROL SYSTEM

1. A method for monitoring and controlling an access control system (12) having at least one server (16) and at least one access control device (22) which is connectable to the at least one server (16) for the purpose of data communication, the method comprising:
positioning the at least one access control device in a location that facilitates monitoring and controlling the access of people to a controlled area;
providing a user with data goggles (1) for monitoring and controlling the access control system;
wirelessly connecting the data goggles to the at least one server (16) of the access control system (12) and the at least one access control device (22) for the purpose of data communication and receiving data in real time from at least one of the at least one server (16) and the at least one access control device (22), which enable the monitoring of the access control system (12);
displaying the data to the user of the data goggles (1) with a display device (10) of the data goggles (1);
controlling the access control system (12) with control commands which are input by the user into the data goggles (1) and transmitting the control commands from the data goggles to the at least one of the at least one server (16) and the at least one access control device (22);
inputting the control commands by one of voice control via a microphone (8) integrated in the data goggles (1), gesture control by a camera (7) integrated in the data goggles (1), actuation of a touchpad integrated in the data goggles (1), and eye tracking; and
actuating the at least one access control device based on the control commands input by the user into the data goggles to either allow or deny a person access to the controlled area.

US Pat. No. 10,171,549

NOTIFICATION ALERTS BASED ON INCREASED ACCESS TO A DIGITAL RESOURCE

International Business Ma...

1. A method for event notification, the method comprising:
identifying, by one or more processors, a profile of a first user, wherein the profile of the first user includes one or more profile elements;
identifying, by one or more processors, a plurality of users having a corresponding profile that includes at least one profile element in common with the identified profile of the first user;
identifying, by one or more processors, a computer network accessible resource;
determining, by one or more processors, an increase in activity of the identified computer network accessible resource by the identified plurality of users;
identifying, by one or more processors, that the user profile of the first user includes another profile element, wherein the other profile element is associated with a location of the first user during a first period of time;
determining, by one or more processors, based on polling one or more devices of the first user via a network, a current physical location of the first user;
identifying, by one or more processors, a second period of time and a physical location related to a temporal occurrence of an event associated with the identified computer network accessible resource;
determining, by one or more processors, based on the other element of the profile of the first user and the determined current physical location of the first user, that the first user is within a physical and a temporal proximity of the temporal occurrence of the event associated with the identified computer network accessible resource; and
responsive to determining that the first user is within the physical and the temporal proximity of the event associated with the identified computer network accessible resource, communicating, by one or more processors, via the network, a notification to the first user utilizing a device of the first user that is active, wherein the communicated notification provides an indication of the determined increase in activity of the identified computer network accessible resource by the identified plurality of users.

US Pat. No. 10,171,547

NEIGHBOR DISCOVERY FOR IPV6 SWITCHING SYSTEMS

Cisco Technology, Inc., ...

1. A method comprising:
receiving a first IPv6 traffic at a first switch device of a multi device switching system comprising a plurality of switch devices, the plurality of switch devices linked together through a switching fabric and configured to operate as a single routing entity, wherein each of the plurality of switch devices is associated with a local switch device processor, and wherein the multi device switching system is controlled with a central controller comprising a central controller processor;
determining, at the first switch device, that the first IPv6 traffic comprises a neighbor discovery message, wherein determining that the first IPv6 traffic comprises the neighbor discovery message comprises:
comparing a message type associated with the first IPv6 traffic with a predetermined list of reserved internet control message protocol (ICMP) message types, wherein each of the reserved ICMP message types on the predetermined list are classified as comprising neighbor discovery messages, and
determining the first IPv6 traffic comprises the neighbor discovery message when the message type associated with the first IPv6 traffic matches with one of the reserved ICMP message types on the predetermined list, wherein the predetermined list is stored at the first switch device;
punting the first IPv6 traffic to a first local switch device processor associated with the first switch device only when the first IPv6 traffic comprises the neighbor discovery message;
receive a second IPv6 traffic at the first switch device;
determining, at the first switch device, that the second IPv6 traffic does not comprise the neighbor discovery message; and
punting, when the second IPv6 traffic does not comprise the neighbor discovery message, the second IPv6 traffic to the central controller processor.

US Pat. No. 10,171,544

RADIO BASE STATION

NTT DOCOMO, INC., Tokyo ...

1. A radio base station comprising:
a processor that controls communication with a mobile station via one or more sessions in a bearer;
wherein the processor detects a change of at least one of an IP address and an SSRC (Synchronization Source) in a compressed header of a packet,
wherein when (i) a current number of established sessions is equal to a maximum number of sessions that can be supported by the radio base station or the mobile station and (ii) the processor attempts to add a new session in which header compression is applied, upon detection of the change of the at least one of the IP address and the SSRC, the processor deletes one of the established sessions to which header compression is applied and adds the new session; and
a transmitter that transmits the packet via the new session.

US Pat. No. 10,171,543

MEDIA STREAMING METHOD AND ELECTRONIC DEVICE THEREOF

Samsung Electronics Co., ...

1. A method of a first electronic device transmitting packets constituting stream data, to a second electronic device for providing a streaming service, the method comprising:
receiving, from the second electronic device, stream information comprising a system time of the second electronic device, a first timestamp of a packet received from the first electronic device at the system time, and a second timestamp of a packet being played in the second electronic device at the system time;
determining, by comparing the first timestamp with the system time, whether a first delay occurs;
determining, by comparing the first timestamp with the second timestamp, whether a second delay occurs; and
controlling, based on determining that at least one of the first delay or the second delay occurs, at least one packet of the stream data to be transmitted to the second electronic device.

US Pat. No. 10,171,542

METHOD FOR PROVIDING CLOUD STREAMING SERVICE, DEVICE AND SYSTEM FOR SAME, AND COMPUTER-READABLE RECORDING MEDIUM HAVING, RECORDED THEREON, CLOUD STREAMING SCRIPT CODE FOR SAME

SK TECHX CO., LTD., Seou...

1. A cloud service device comprising:
a memory configured to store a predefined script code for cloud streaming; and
a processor configured to:
receive a request for a web page that is not defined for the cloud streaming from a terminal,
find a Java script code region in the web page,
determine whether the predefined script code for cloud streaming is inserted to the Java script code region,
identify an insertion location of the predefined script code,
insert the predefined script code into the insertion location when the predefined script code is determined not to be inserted to the Java script code region,
execute the predefined script code inserted in the web page,
redefine a designated object in the web page,
display a designated message of the web page on a main window,
create a capture image by capturing the web page having the inserted predefined script code,
encode the capture image,
transmit the encoded capture image to the terminal,
receive a message for activating the designated message from the terminal,
display the designated message on the main window based on the redefined designated object when the message is received, and
provide a processing result to the terminal,
wherein, when the predefined script code is determined to be inserted to the Java script code region, the processor is configured to encode the capture image.

US Pat. No. 10,171,541

METHODS, DEVICES, AND COMPUTER PROGRAMS FOR IMPROVING CODING OF MEDIA PRESENTATION DESCRIPTION DATA

Canon Kabushiki Kaisha, ...

1. A proxy for providing a standard manifest for requesting streamed timed media data associated with at least one media item, organized into temporal media segments, the streamed timed media data belonging to partitioned timed media data comprising timed samples, the streamed timed media data being transmitted as media segment files each comprising at least one independently processed component resulting from processing at least one of the timed samples, the proxy comprising at least one microprocessor configured for carrying out the steps of:
receiving an enhanced manifest comprising metadata for describing the processed components, the metadata comprising parameters used for describing at least a part of one of the processed components,
wherein at least one of the parameters is a dynamic parameter which value can vary over time, the at least one parameter being associated with an element referring to a metadata resource which is external to the enhanced manifest and which comprises at least one value defining the at least one parameter;
determining which parameters are not resolved from the enhanced manifest as the at least one parameter; and
generating a standard manifest based on metadata of the enhanced manifest and of the at least one value defining the at least one parameter,
wherein the at least one parameter is resolved dynamically using remote information such that at least one parameter from the enhanced manifest may be dynamically re-evaluated without depending upon media presentation description.

US Pat. No. 10,171,540

METHOD AND APPARATUS FOR STREAMING VIDEO SECURITY

HIGH SEC LABS LTD, Yokne...

1. A streaming video security device comprising:
an input LAN port for receiving packet-based streaming video input indicative of a video signal;
at least one streaming video decoder for receiving said streaming video input from said input LAN port and converting said streaming video input to raw video display-compatible output, said raw video display-compatible output comprising only non-packet-based image data;
at least one streaming video encoder for receiving said raw video display-compatible output and outputting safe video streaming packets;
at least one unidirectional data flow element having an input connected directly to an output of said at least one streaming video decoder and having an output connected directly to an input of said at least one streaming video encoder, said at least one unidirectional data flow element being configured to enforce transmission of said non-packet-based raw video display-compatible output only in the direction from said at least one streaming video decoder to said at least one streaming video encoder;
an output LAN port for transmitting said safe video streaming packets;
wherein said streaming video input indicative of a video signal undergoes conversion to said raw video display-compatible signal and then converted back to said streaming video output within the streaming video security device to thereby eliminate any malicious data or malicious code from the streaming video output, and
wherein said at least one unidirectional data flow element provides isolation between said at least one streaming video decoder and said at least one streaming video encoder.

US Pat. No. 10,171,539

METHOD AND APPARATUS FOR TIME STRETCHING TO HIDE DATA PACKET PRE-BUFFERING DELAYS

1. A method comprising:
while rendering, via a processor, a first data packet in a stream of data packets, generating a fill packet associated with the first data packet; and
after rendering the first data packet, and before rendering a second data packet which is next to and following the first data packet in the stream of data packets, rendering the fill packet at a different speed relative to the rendering of the first data packet.

US Pat. No. 10,171,538

ADAPTIVELY SERVING COMPANION SHARED CONTENT

Google LLC, Mountain Vie...

1. A system comprising:
a memory;
a processor, coupled to the memory, to:
provide, via an online service, media content for consumption by a user of a user device, wherein the media content is provided for playback within a media player of the user device;
provide in-stream content to the user device for automatic playback within the media player of the user device without the playback of the media content;
receive an indication of user interaction with the in-stream content that is automatically played back within the media player of the user device without the playback of the media content; and
select companion content to send to the user device based on the indication of user interaction, wherein the companion content is unrelated to the in-stream content and is selected responsive to the indication of user interaction suggesting that the user is uninterested in the in-stream content.

US Pat. No. 10,171,537

SEGREGATION OF ELECTRONIC PERSONAL HEALTH INFORMATION

1. A system, comprising:
a processor; and
a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations, comprising:
receiving a first data stream from a device;
determining that the first data stream comprises protected information based on an indication of a type of application associated with the first data stream, and a function of a location of the device, a time that the first data stream is received, and a user profile active on the device, wherein the protected information is electronic personal healthcare information;
in response to determining that the first data stream comprises the protected information, encrypting the first data stream resulting in an encrypted data stream;
adding metadata to the encrypted data stream indicating that the encrypted data stream comprises the protected information resulting in a modified first data stream;
segregating, based on the metadata of the modified first data stream, the modified first data stream from a second data stream provided by the device, the second data stream not comprising the electronic personal healthcare information; and
transmitting the modified first data stream and the second data stream via a network device of a mobile network.

US Pat. No. 10,171,536

RAPID OPTIMIZATION OF MEDIA STREAM BITRATE

ATLASSIAN PTY LTD, Sydne...

1. A method comprising:
using a media server during a first media session between a client device and the media server, determining a stable bitrate value based on an actual rate at which the media server receives packets from the client device, the stable bitrate for use by the client device as an initial rate of transmitting multimedia data from the client device to the media server;
storing, in a database, the stable bitrate value for the client device in association with an identifier;
receiving, from the client device, a request to establish a second media session;
determining the identifier within the request;
in response to the request, based on the identifier in the request, searching the database for the stable bitrate value that is associated with the identifier;
in response to locating the stable bitrate value in the database and before receiving multimedia data from the client device, sending, by the media server, the stable bitrate value to the client device, wherein the client device estimates an initial bitrate for transmitting multimedia data from the client device to the media server in the second media session;
establishing, by the media server, the second media session;
receiving, initially and by the media server, multimedia data from the client device at the initial bitrate based on the stable bitrate.

US Pat. No. 10,171,535

CONTROLLING MP3 PLAYER

International Business Ma...

1. A computer system, comprising a computing device, an audio player device, and one or more computer readable hardware storage devices containing program instructions which upon being executed on both the computing device and the audio player device, implement a method for communicating an audio message file from the computing device to the audio player device, said method comprising:
said computing device generating or selecting the audio message file;
said computing device creating a control file comprising a first entry, wherein the first entry comprises the identity of the audio player device, a name of the audio message file to be sent to the audio player device, a time stamp denoting a time at which to send the audio message file to the audio player device, and a queue flag having a value of TRUE if an attempt is to be made to send the audio message file to the audio player device later in response to a determination that the audio player device is not currently active;
said computing device parsing the first entry in the control file;
said computing device identifying from said parsing the first entry: the audio player device, the name of the audio message file, the time stamp, and the queue flag;
said computing device ascertaining whether the audio player device is currently active;
if said ascertaining ascertains that the audio player device is currently active, then said computing device sending an intent-to-send preliminary message to the audio player device, wherein the intent-to-send preliminary message contains the name of the audio message file, a size of the audio message file, and an Internet Protocol (IP) address of the computing device;
if said ascertaining ascertains that the audio player device is not currently active, then said computing device determining whether the queue flag has the value of TRUE, and in response to determining that the queue flag has the value of TRUE, said computing device adding the first entry to the control file as a next entry in the control file to process, parsing the first entry, and determining that the audio player device is currently active, and in response, said computing device sending the intent-to-send preliminary message to the audio player device;
after said sending the intent-to-send preliminary message to the audio player device, said computing device receiving, from the audio player device, an OK-to-send message, and in response, said computing device sending the audio message file from the computing device to the audio player device at the time denoted by the time stamp and said computing device deleting the first entry in the control file;
said audio player device receiving the audio message file sent from the computing device to the audio player device; and
in response to said receiving the audio message file, said audio player device halting play of a song or other audio content that was being played by the audio player device at a time of receipt of the audio message file and playing the audio message file approximately upon said halting play of the song or other audio content.

US Pat. No. 10,171,532

METHODS AND SYSTEMS FOR DETECTION AND CLASSIFICATION OF MULTIMEDIA CONTENT IN SECURED TRANSACTIONS

Citrix Systems, Inc., Fo...

31. A method for classifying multimedia content in one or more transactions, the method being performed by one or more processors, comprising:
acquiring one or more transactions between a client device and a server device, wherein the one or more transactions include one or more requests from the client device and one or more corresponding responses from the server device;
detecting boundaries of the one or more transactions;
generating a multimedia session object based on the detected boundaries, the multimedia session object providing an indication of a number of transactions for communicating the multimedia content associated with a multimedia session between the client device and the server device; and
classifying the multimedia content based on the number of transactions indicated by the multimedia session object.

US Pat. No. 10,171,530

DEVICES AND METHODS FOR TRANSMITTING ADAPTIVELY ADJUSTED DOCUMENTS

Hisense USA Corp., Suwan...

1. An electronic device, comprising:
a memory comprising a set of instructions for transmitting adaptively adjusted visual content in a home network system; and
a processor in communication with the memory, wherein when executing the set of instructions, the processor is directed to, through a home network:
establish a communication connection with a first target terminal device via the home network;
receive from the first target terminal device a first request to display a visual content;
obtain an original version of the visual content in response to the first request;
obtain an original vertical pixel resolution and an original horizontal pixel resolution of the original version of the visual content;
determine a first predetermined display requirement associated with the first target terminal device from a first pre-established device profile for the first target terminal device persistently maintained in the electronic device, wherein the first predetermined display requirement comprises a vertical pixel resolution and horizontal pixel resolution of the first target terminal device;
obtain a first ratio between the vertical pixel resolution and the original vertical pixel resolution;
obtain a second ratio between the horizontal pixel resolution and the original horizontal pixel resolution;
transform the original version of the visual content into a first version of the visual content to conform with the first predetermined display requirement based on at least smaller of the first ratio and the second ratio; and
send the first version of the visual content to the first target terminal device via the home network.

US Pat. No. 10,171,529

VEHICLE AND OCCUPANT APPLICATION INTEGRATION

AUTOCONNECT HOLDINGS LLC,...

1. A method of streaming a device application within a vehicle, comprising:
providing a communication system that includes at least one communication transceiver;
receiving a signal by the communication transceivers;
identifying the origin of the signals by the communication system;
starting the device application within the vehicle;
receiving a user request to stream the device application to the vehicle;
determining if the vehicle is configurable to receive the stream;
when the vehicle is not configurable to receive the stream, notifying the user that the device application cannot be streamed;
when the vehicle is configurable to receive the stream, configuring the vehicle to receive the stream, streaming the device application to the vehicle, and displaying the device application on a vehicle display;
providing, in the vehicle, a first operating system and a second operating system executing on a common microprocessor, wherein the first operating system comprises one or more applications performing a critical vehicle task, function, or operation, and the second operating system comprises the device application;
collecting, by a computer control module, one or more metrics regarding an operation of the first operating system or the second operating system in communication with the computer control module, the computer control module including a profile identification module that collects a first metric regarding a persona of a vehicle occupant and seating position of the vehicle occupant, wherein the first metric is an age of the vehicle occupant;
determining, by the computer control module, whether the first metric of the collected one or more metrics is outside of a predetermined range;
when the first metric is outside the predetermined range, restricting, modifying, or shutting down the device application, but not the first operating system;
wherein the critical vehicle task, function or operation is one or more of monitoring, controlling, or operating the ECU, TCU, door settings, window settings, or blind spot monitor, monitoring, controlling, or operating the safety equipment, monitoring or controlling certain critical sensors, controlling the operation of the engine, head light control unit, power steering, display panel, switch state control unit, power control unit, or brake control unit, or issuing alerts to a user or remote monitoring entity of potential problems with a vehicle operation; and
wherein the critical sensors include at least one of a power source controller and energy output sensor, engine temperature sensor, oil pressure sensor, hydraulic pressure sensors, sensors for headlight and other lights, vehicle control system sensors, or steering/torque sensor.

US Pat. No. 10,171,527

GOAL-BASED CONNECTION MANAGEMENT BETWEEN PARTIES

International Business Ma...

1. A computer-implemented method for managing electronic communication connections, the computer-implemented method comprising:
receiving, by a monitoring computer system, a message from a first party, wherein the message identifies a goal of the first party;
receiving, by the monitoring computer system, an identity of a second party that has been selected by the first party to assist the first party in achieving the identified goal of the first party;
creating, by the monitoring computer system, an electronic communication connection for electronic communications between the first party and the second party, wherein the electronic communications are related to accomplishing the identified goal of the first party;
monitoring, by the monitoring computer system, the electronic communications between the first party and the second party, wherein said monitoring executes message analytics to determine a status of the identified goal of the first party, wherein the message analytics identifies key words in the electronic communications that are related to the identified goal of the first party;
receiving, by the monitoring computer system, a goal abandonment message from the first party, wherein the goal abandonment message identifies an abandonment of the identified goal by the first party;
in response to receiving the goal abandonment message from the first party, disconnecting, by the monitoring computer system, the electronic communication connection between the first party and the second party;
determining, by the monitoring computer system, that a quantity of key words in the electronic communications between the first party and the second party falls below a predetermined frequency over a predefined period of time; and
in response to determining, by the monitoring computer system, that the quantity of key words in the electronic communications between the first party and the second party falls below the predetermined frequency over the predefined period of time, establishing, by the monitoring computer system, a new electronic communication connection between the first party and a third party that has been predetermined to be able to assist the first party in reaching the identified goal of the first party.

US Pat. No. 10,171,526

ON DEMAND IN-BAND SIGNALING FOR CONFERENCES

ATLASSIAN PTY LTD, Sydne...

1. A computer implemented method comprising:
transmitting initial signaling data for a video conference using Web Real Time Communication (WebRTC) from a signaling server over a WebRTC signaling channel to a plurality of client computing devices, wherein the initial signaling data comprises data needed for a client computing device to connect to the video conference and wherein the initial signaling data omits identifiers for media data;
establishing, by a media server, the video conference with the plurality of client computing devices, the plurality of client computing devices having used the initial signaling data to connect to the media server;
sending, by the media server, media data for a subset of the plurality of client computing devices to the plurality of client computing devices;
sending, by the media server, identifiers of the media data to the plurality of client computing devices.

US Pat. No. 10,171,525

AUTONOMIC MEETING EFFECTIVENESS AND CADENCE FORECASTING

INTERNATIONAL BUSINESS MA...

1. A method comprising:
configuring an autonomous system to receive meeting participation data from a meeting participation tool that is configured in a meeting environment;
collecting, using the autonomous system via the meeting participation tool of the meeting environment, the meeting participation data of a meeting in-progress, the meeting comprising a group of participants;
analyzing, using the autonomous system, the meeting participation data to identify a topic being discussed in the meeting;
forecasting, using the autonomous system, using a processor and a memory, using a trend of affective states of a participant, a future affective state of the participant relative to the topic;
evaluating, using the autonomous system, the future affective state to conclude that data contributed by the participant at a future time in the meeting is not likely to progress the topic to completion by at least a specified degree;
selecting, using the autonomous system, a cognitive system (cog) trained in the subject-matter; and
adding, using the autonomous system, the cog to the meeting before the future time and while the meeting is in-progress, the adding the cog causing the cog to receive the meeting participation data from the meeting participation tool in the meeting environment, and further causing the cog to insert a cog output in the meeting participation data.

US Pat. No. 10,171,524

METHODS AND SYSTEMS FOR ESTABLISHING, HOSTING AND MANAGING A SCREEN SHARING SESSION INVOLVING A VIRTUAL ENVIRONMENT

Adobe Systems Incorporate...

1. A web conferencing system comprising:
one or more processors of a web conferencing server; and
one or more computer storage media storing computer-executable instructions that, when executed by the one or more processors, implement a method comprising:
receiving, from a web conferencing application executing at a host computing device, a request to establish a web conferencing session, the web conferencing session including the host computing device and a participant computing device,
based on the request to establish the web conferencing session, establishing the web conferencing session,
receiving, from the web conferencing application executing at the host computing device, a request to establish a remote desktop connection with a remote computing device, wherein the remote desktop connection enables the host computing device to control the remote computing device and provides for sharing a graphical user interface that is generated by the remote computing device for presentation at a display of the remote computing device, and wherein the request to establish the web conferencing session and the request to establish the remote desktop connection are received in a single communication session between the host computing device and the web conferencing server,
receiving, from the web conferencing application executing at the host computing device, an indication of an identity of the remote computing device, wherein the indication of the identity of the remote computing device is received based on a prompt for information identifying the remote computing device,
based on the request to establish the remote desktop connection with the remote computing device and on the indication of the identity of the remote computing device, establishing the remote desktop connection with the remote computing device, and
based on the remote desktop connection, sharing the graphical user interface that is generated by the remote computing device with the host computing device and the participant computing device.

US Pat. No. 10,171,523

MULTI-TIER PUSH SERVICE CONTROL ARCHITECTURE FOR LARGE SCALE CONFERENCE OVER ICN

Futurewei Technologies, I...

1. A multi-tier conference service controller comprising:
a network interface connecting the conference service controller to a plurality of conference service proxies and further connecting the conference service controller to a plurality of conference service clients via the conference service proxies to form a multi-tier conference service network;
a memory configured to store a conference digest log, the conference digest log comprising a plurality of conference events performed by the conference service clients, each of the conference events comprising a fingerprint (FP) update, the conference digest log comprising a plurality of entries associated with previous FP updates for the conference events performed by the conference service clients; and
a processor coupled to the network interface and the memory, wherein the processor is configured to:
receive, via the network interface, a first message from a first conference service proxy, the first message comprising a first FP update associated with a recent conference event performed by a first conference service client associated with the first conference service proxy, the first FP update comprising a type of the recent conference event, a signature profile of a conference participant associated with the first conference service client, and a non-location based address of a data object associated with the recent conference event and being related to content that is accessed during the recent conference event;
update the conference digest log according to the first FP update;
push, via the network interface, a second message to a second conference service proxy, the second message comprising a current entry for the first conference service proxy in the conference digest log, a last entry for the first conference service proxy obtained from the entries associated with the previous FP updates, and the first FP update of the first message;
perform a third update to the conference digest log by removing the first conference service client from the conference digest log; and
push, via the network interface, a third message indicating the removal of the first conference service client to the second conference service proxy.

US Pat. No. 10,171,522

VIDEO COMMENTARY

Google LLC, Mountain Vie...

1. A computer-implemented method, comprising:
receiving, at a computing device associated with a viewing user, video media content, wherein the viewing user is a member of a social network;
displaying, at the computing device, a graphical user interface (GUI) that includes a media display portion for the video media content and a comment display portion for comments received from one or more other users, wherein the GUI further includes at least one user selectable option to selectively display comments from the one or more other users;
playing, at the computing device, the video media content; and
receiving, at the computing device via the at least one user selectable option of the GUI, a first selection of a first set of the one or more other users who are members of the social network,
wherein the first selection indicates a request of the viewing user to view comments associated with the first set of the one or more other users,
wherein one or more of the comments associated with the first set of the one or more other users are displayed in the comment display portion of the GUI in response to receiving the first selection.

US Pat. No. 10,171,521

SEAMLESSLY CONFERENCING A PREVIOUSLY-CONNECTED TELEPHONE CALL

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method of seamlessly conferencing a telephone call, comprising:
establishing a telephone call connecting a first party and a second party, comprising creating a first session for the first party and a second session for the second party, the telephone call being a 2-party telephone call that is distinct from a conference call;
storing, for the telephone call, first session information describing the first session and second session information describing the second session, the first session information comprising a first phone number in use by the first party for the telephone call and a session identifier of the first session and the second session information comprising a second phone number in use by the second party for the telephone call and a session identifier of the second session;
receiving, while the telephone call continues to connect the first party and the second party, a request from the first party to create a conference call for adding a third party in communication with the first party and the second party;
determining, responsive to the receiving, that an active call record exists in which the first phone number and the second phone number are both specified, and thus concluding that the first party is already connected to the second party in the existing connected telephone call; and
non-disruptively establishing the requested conference call by moving the existing first session and the existing second session from the connected telephone call to a media server that provides the requested conference call, responsive to the concluding, without terminating the existing connected telephone call and without requiring acceptance of the conference call by the first party or the second party, further comprising:
retrieving the stored first and second session information;
generating a conference session identifier to represent the conference call;
generating a conference record and storing therein the conference session identifier, a link to the stored first session information, and a link to the stored second session information; and
updating the stored first session information and the stored second session information to include therein the conference session identifier.

US Pat. No. 10,171,520

SEAMLESSLY CONFERENCING A PREVIOUSLY-CONNECTED TELEPHONE CALL

INTERNATIONAL BUSINESS MA...

1. A system for seamlessly conferencing a telephone call, comprising:
a computer comprising a processor; and
instructions which are executable, using the processor, to implement functions comprising:
establishing a telephone call connecting a first party and a second party, comprising creating a first session for the first party and a second session for the second party, the telephone call being a 2-party telephone call that is distinct from a conference call;
storing, for the telephone call, first session information describing the first session and second session information describing the second session, the first session information comprising a first phone number in use by the first party for the telephone call and a session identifier of the first session and the second session information comprising a second phone number in use by the second party for the telephone call and a session identifier of the second session;
receiving, while the telephone call continues to connect the first party and the second party, a request from the first party to create a conference call for adding a third party in communication with the first party and the second party;
determining, responsive to the receiving, that an active call record exists in which the first phone number and the second phone number are both specified, and thus concluding that the first party is already connected to the second party in the existing connected telephone call; and
non-disruptively establishing the requested conference call by moving the existing first session and the existing second session from the connected telephone call to a media server that provides the requested conference call, responsive to the concluding, without terminating the existing connected telephone call and without requiring acceptance of the conference call by the first party or the second party, further comprising:
retrieving the stored first and second session information;
generating a conference session identifier to represent the conference call;
generating a conference record and storing therein the conference session identifier, a link to the stored first session information, and a link to the stored second session information; and
updating the stored first session information and the stored second session information to include therein the conference session identifier.

US Pat. No. 10,171,518

PERFORMING AN ACTION ON CERTAIN MEDIA STREAMS IN A MULTIMEDIA COMMUNICATIONS NETWORK

Telefonaktiebolaget LM Er...

1. A method for controlling a media session involving a plurality of media streams within a communications network, wherein the communications network comprises a media resource node and a media control node controlling the media resource node, the method comprising the media control node:
determining that selected media streams out of the plurality of media streams are associated to each other in the media session;
generating a first instruction to group the determined selected media streams, the first instruction comprising a description packet for each of the determined selected media streams associated to a termination of the media resource node;
transmitting, to the media resource node, the first instruction to group the determined selected media streams; and
transmitting, to the media resource node, a second instruction to prepare for performing an action with respect to the determined selected media streams, wherein the second instruction comprises an indication of a media stream identifier representing the group of the determined selected media streams and an indication of the action to be performed.

US Pat. No. 10,171,517

NOTIFYING RESPONSE SENDER OF MALFORMED SESSION INITIATION PROTOCOL (SIP) RESPONSE MESSAGES

International Business Ma...

1. A computer system for handling notification about a malformed SIP response, the computer program product, the computer system comprising:
a processor(s) set;
a non-transitory computer readable storage medium; and
program instructions stored on the non-transitory computer readable storage medium, with the program instructions including computer code for causing a processor(s) set to perform at least the following operations:
in response to program instructions to receive a malformed response message at a session initiation protocol (SIP) client, from a SIP server, producing a dedicated acknowledgment (ACK) message,
sending the dedicated ACK message to the SIP server, wherein the dedicated ACK message includes the malformed response message and a header of the malformed response in a raw body,
receiving, by the SIP server, the dedicated ACK message including the malformed response message,
amending, by the SIP server, contents of the dedicated ACK message to correct the malformed response message and thereby obtain a well-formed response message that includes all of the following: an Error-In-Response header including information indicative of a reason for the malformation of the malformed response message, and headers of the malformed response message as a raw body of the well-formed response message, and
sending, by the SIP server, the well-formed response message to the SIP client, to establish a communication,
wherein the sending of the dedicated ACK message to the SIP server further includes passing the dedicated ACK message through a plurality of proxy servers before arriving at the SIP server.

US Pat. No. 10,171,516

NOTIFYING RESPONSE SENDER OF MALFORMED SESSION INITIATION PROTOCOL (SIP) RESPONSE MESSAGES

International Business Ma...

1. A computer program product for handling notification about a malformed SIP response comprising:
a non-transitory computer readable storage medium; and
program instructions stored on the non-transitory computer readable storage medium, with the program instructions including computer code for causing a processor(s) set to perform at least the following operations:
in response to program instructions to receive a malformed response message at a session initiation protocol (SIP) client, from a SIP server, producing a dedicated acknowledgment (ACK) message,
sending the dedicated ACK message to the SIP server, wherein the dedicated ACK message includes the malformed response message and a header of the malformed response in a raw body,
receiving, by the SIP server, the dedicated ACK message including the malformed response message,
amending, by the SIP server, contents of the dedicated ACK message to correct the malformed response message and thereby obtain a well-formed response message that includes all of the following: an Error-In-Response header including information indicative of a reason for the malformation of the malformed response message, and headers of the malformed response message as a raw body of the well-formed response message, and
sending, by the SIP server, the well-formed response message to the SIP client, to establish a communication;
wherein the sending of the dedicated ACK message to the SIP server further includes passing the dedicated ACK message through a plurality of proxy servers before arriving at the SIP server.

US Pat. No. 10,171,511

MEDIA SESSION BETWEEN NETWORK ENDPOINTS

Microsoft Technology Lice...

1. A computer-implemented method of establishing a media session between a first endpoint and a second endpoint via a communication network based on connectivity checks performed by the endpoints, the method comprising performing operations by the first endpoint, comprising:
generating at the first endpoint a set of candidate pairs for connectivity checks by exchanging network addresses between the first and second endpoints;
assigning, by the first endpoint, a respective priority to each candidate pair of the candidate pair set to produce a first priority ordering of the candidate pairs;
determining by the first endpoint whether one or more connectivity check modification criteria is met for each candidate pair of the candidate pair set, wherein the connectivity check modification criteria is evaluated for each candidate pair based on characteristics of a potential network path operable between the first endpoint and the second endpoint that uses the candidate pair;
modifying, by the first endpoint and based on the determination of whether the connectivity check modification criteria is met, the respective priority of each candidate pair of the candidate set to produce a second priority ordering of the candidate pairs, such that candidate pairs that meet the connectivity check modification criteria are assigned a higher priority than any candidate pair that does not meet the connectivity check modification criteria;
determining the validity of at least two of the candidate pairs by performing connectivity checks in turn according to the second priority ordering of the candidate pairs; and
establishing the media session using a candidate pair determined to be valid.

US Pat. No. 10,171,509

FILTERING AND REDACTING BLOCKCHAIN TRANSACTIONS

International Business Ma...

1. A method, comprising:
identifying a blockchain transaction;
processing content of the blockchain transaction to identify prohibited content;
determining whether to approve or disapprove the blockchain transaction based on the content of the blockchain transaction;
determining that the content is disapproved after the blockchain transaction is logged in a blockchain;
determining to redact the blockchain transaction; and
redacting the blockchain transaction logged in the blockchain by creating and storing a transaction redaction contract in a genesis block of the blockchain.

US Pat. No. 10,171,506

NETWORK SECURITY MANAGEMENT VIA SOCIAL MEDIA NETWORK

Fortinet, Inc., Sunnyval...

1. A method comprising:
receiving, by a network security appliance of a private network of an enterprise, an authentication request from a client machine coupled in communication with the private network;
responsive to the authentication request, causing a user of the client machine to be authenticated by a social media network through a personal social media network account of the user by directing, by the network security appliance, the client machine to a social login interface of the social media network;
responsive to a successful authentication by the user with the social media network via the social login interface, receiving, by the network security appliance, an access token from the social media network;
retrieving, by the network security appliance, a user profile of the user from the social media network by requesting the user profile via an application programming interface (API) of the social media network and supplying the access token;
determining, by the network security appliance, social relationship information from the user profile;
assigning, by the network security appliance, a local network security policy to the user based on the social relationship information, wherein the local network security policy defines access rights by the user for a subset of network resources of a plurality of network resources associated with the private network; and
applying, by the network security appliance, the local network security policy to access requests made by the client device in relation to one or more of the plurality of network resources.

US Pat. No. 10,171,505

PREVENTATIVE ENTERPRISE CHANGE MANAGEMENT

INTERNATIONAL BUSINESS MA...

1. A method for implementing change control management in computing center environments by a processor, comprising:
monitoring, by a hardware component configured to be worn by the user, a physical activity of a user performing an action associated with computing component repair or replacement in the computing center environment;
using the hardware component to biometrically identify the user as authorized to perform the action in the computing center environment; and
when the monitored activity is one of determined to be contrary and predicted to be contrary to a preferred, predetermined action for the computing center environment, performing each of:
alerting the user that the action is contrary using the hardware component configured to be worn by the user, and
performing an operation that secures data in the computing center environment from damage potentially caused by the contrary action; wherein the operation comprises putting at least a portion of the computing center environment into a recoverable downstate including initiating a data dump operation.

US Pat. No. 10,171,504

NETWORK ACCESS WITH DYNAMIC AUTHORIZATION

Cisco Technology, Inc., ...

1. A method comprising:
receiving at an enforcement node, a request to access a network from an endpoint;
transmitting at the enforcement node, the access request to a policy server;
receiving at the enforcement node from the policy server, a dynamic authorization for a communication session between the endpoint and the network, the dynamic authorization comprising a plurality of ranks and a policy for access to the network by the endpoint during the communication session for each of said ranks;
assigning the endpoint to one of said ranks and applying said policy associated with said rank to traffic received from the endpoint at the enforcement node during the communication session between the endpoint and the network; and
assigning the endpoint to a different one of said ranks and applying said policy associated with said rank to the traffic received from the endpoint during the communication session between the endpoint and the network without reauthentication of the endpoint;
wherein assigning comprises dynamically promoting or demoting the endpoint to a different one of said ranks.

US Pat. No. 10,171,503

METHODS FOR SCALING INFRASTRUCTURE IN A MOBILE APPLICATION ENVIRONMENT AND DEVICES THEREOF

F5 Networks, Inc., Seatt...

1. A method for scaling infrastructure in a mobile application environment, the method implemented by a network traffic management system comprising one or more network traffic apparatuses, client devices, or server devices, and the method comprising:
executing a compliance policy with respect to a plurality of mobile devices;
selecting a mobile application to be updated based on the compliance policy;
updating state information based on the selection of the mobile application to be updated;
obtaining a number of updates of the mobile application selected to be updated on the plurality of mobile devices using the updated state information;
determining a number of mobile application updates reaches an update threshold; and
modifying a number of backend enterprise web applications executing on one or more web application servers that service the updated mobile application based on the number of mobile application updates reaching the update threshold.

US Pat. No. 10,171,500

SYSTEMS, APPARATUSES, AND METHODS FOR ENFORCING SECURITY ON A PLATFORM

INTEL CORPORATION, Santa...

1. A system comprising:
a manageability engine of a computer platform comprising a processor, the manageability engine to detect if a software agent of the computer platform is removed by using a watchdog service that detects if there is a presence of the software agent by detecting the software agent sending a presence message within a certain time period or frequency of sending the presence message, wherein the manageability engine is isolated from the processor of the computer platform; and
a software agent enclave, wherein the software agent enclave and manageability engine each include a specific session key to be used for communications between the software agent enclave and the manageability engine, and wherein the software agent is run in the software agent enclave; wherein the manageability engine includes a service layer to maintain a table of manageability engine services, software agent enclaves, and their corresponding keys and restarts the software agent or shuts down the system if the watchdog service does not detect the presence of the software agent.

US Pat. No. 10,171,499

ZONE-BASED SECURITY ARCHITECTURE FOR INTRA-VEHICULAR WIRELESS COMMUNICATION

1. A method for vehicular communication, comprising:
establishing two or more secure zones on a vehicle system, each secure zone belonging to a secured network segment which is not a public network segment and to which predefined authorized users have access and unauthorized users do not have access and having a respective one or more node devices;
performing an authentication procedure to authenticate and authorize the one or more node devices;
establishing at least one secure wireless communication tunnel between the two or more secure zones; and
establishing a dynamic address learning mechanism for data routing between the two or more secure zones.

US Pat. No. 10,171,498

SECURE CRYPTO MODULE INCLUDING ELECTRICAL SHORTING SECURITY LAYERS

International Business Ma...

1. A cryptographic adapter card comprising:
a printed circuit board (PCB) comprising a connector that interconnects with a motherboard;
a secure crypto module comprising a shield surrounding a daughter card electrically connected to the PCB;
the daughter card comprising: a first conductive layer; a security matrix layer comprising first microcapsules comprising a first reactant, second microcapsules comprising a second reactant, third microcapsules comprising a third reactant, and fourth microcapsules comprising a fourth reactant, wherein an electrically conductive material is formed by the first reactant reacting with the second reactant; a second conductive layer; a crypto component; and a monitor device electrically connected to the first conductive layer and to the second conductive layer;
wherein the first microcapsules and second microcapsules are ruptured when a void is formed within the security matrix layer;
wherein a destruct feature of the crypto component is programmed in response to the monitor device detecting an electrical short between the first conductive layer and the second conductive layer; and
wherein a self-healing material is formed by the third reactant reacting with the fourth reactant, the self-healing material filling the void within the security matrix layer.

US Pat. No. 10,171,496

BEACON SPOOFING PREVENTION

Cisco Technology, Inc., ...

1. A method comprising:
at a server configured to communicate with a mobile device over a network:
receiving, from the mobile device, information derived by the mobile device from a proximity beacon signal transmitted to the mobile device by a beacon device, the information including: a unique identifier representing a serial number of the beacon device; non-unique identifiers including a major code indicative of a first location area and a minor code indicative of a second location area that is a subset of the first location area; and a beacon authentication value that increments from an initial seed value based on time according to a security algorithm;
incrementing a local verification value from the initial seed value based on a clock according to the security algorithm;
performing a comparison of the beacon authentication value to a past incremented local verification value, instead of a current incremented local verification value, to account for time delays caused by transmission of the proximity beacon signal to the beacon device and transmission of the information from the mobile device to the server;
if the comparison indicates a match, providing access to a location service based on at least one of the unique identifier and the non-unique identifiers, and providing the location service to the mobile device based on the comparison; and
if the comparison does not indicate a match, removing the unique identifier received so that no location service is applied in the future for the beacon device.

US Pat. No. 10,171,495

DETECTION OF MODIFIED REQUESTS

AMAZON TECHNOLOGIES, INC....

1. A computer-implemented method, comprising:
receiving, to a resource provider environment, a request for a connection to a resource;
determining a set of connection parameters for the request, the connection parameters selected from at least two layers of a networking framework;
analyzing the set of connection parameters, prior to establishing the connection to the resource, to determine connection parameter data corresponding to at least one combination of at least a subset of the set of connection parameters;
comparing the connection parameter data to a set of connection parameter signatures, each connection parameter signature corresponding to a previously determined combination and ordering of connection parameters having a determined probability of corresponding to a man-in-the-middle attack on a respective connection;
determining one or more matching signatures, of the set of connection parameter signatures, corresponding to the connection parameter data;
calculating, for the request, a request probability value based at least in part upon the respective probabilities of the one or more matching signatures;
comparing the request probability value to a probability threshold; and
performing at least one determined action in response to the request probability value exceeding the probability threshold.

US Pat. No. 10,171,494

SCARECROW FOR DATA SECURITY

International Business Ma...

1. A computer-implemented method comprising:
receiving information pertaining to network data traffic being communicated between a protected resource that is network accessible and a plurality of computers, including a first computer that is at least partially under the control of a user;
determining, by machine logic performed by a machine, and based at least in part on a set of detection rules, and the information, that the plurality of computers are acting in concert to perform a hacking transaction with respect to the protected resource; and
in response to determining that the plurality of computers are acting in concert to perform the hacking transaction:
generating, by machine logic performed by a machine, a plurality of scarecrow messages, respectively corresponding to the plurality of computers, designed for display in human understandable form and format,
sending the plurality of scarecrow messages, through a network communication channel, to respectively corresponding computers of the plurality of computers, and
sending, by machine logic performed by a machine, a security alert to a security product;
wherein:
the set of detection rules enables detection of at least one indicator of a hacking transaction where the indicator of the hacking transaction is any set of communication(s) from the first computer that tend to indicate that the first computer is engaged in subverting security of the protected resource; and
each respective scarecrow message is a customized warning message, the content of which comprises an element that is selected from the group consisting of: an internet protocol (IP) address associated with the respectively corresponding computer; a phantom background process; and a log-in chain associated with the respectively corresponding computer.

US Pat. No. 10,171,492

DENIAL-OF-SERVICE (DOS) MITIGATION BASED ON HEALTH OF PROTECTED NETWORK DEVICE

Fortinet, Inc., Sunnyval...

1. A method comprising:
receiving from an administrator of a private network, by a Denial of Service (DoS) mitigation device associated with the private network and logically interposed between a plurality of computing devices residing external to the private network and a network device protected by the DoS mitigation device, information indicative of a traffic metric threshold and one or more health parameter thresholds;
receiving, by the DoS mitigation device, traffic directed to the protected network device from the plurality of computing devices; and
tracking, by the DoS mitigation device, a traffic metric representing a measure of the traffic being processed by the protected network device; and
selectively forwarding or dropping, by the DoS mitigation device, the traffic based on a combination of the traffic metric, the traffic metric threshold, one or more health parameters associated with the protected network device and the one or more health parameter thresholds by:
when the traffic metric is at or below the traffic metric threshold, forwarding, by the DoS mitigation device, the traffic to the protected network device; and when the traffic metric is greater than the traffic metric threshold:
monitoring, by the DoS mitigation device, the one or more health parameters associated with the protected network device, the one or more health parameters individually or collectively indicative of an ability or an inability of the protected network device to handle additional traffic;
when a health status of the protected network device resulting from a comparison of the one or more health parameters to corresponding thresholds of the one or more health parameter thresholds is indicative of the ability of the protected network device to handle additional traffic, forwarding, by the DoS mitigation device, the traffic to the protected network device; and
when the health status is indicative of the inability of the protected network device to handle additional traffic, preventing, by the DoS mitigation device, the traffic from being received by the protected network device by dropping the traffic.

US Pat. No. 10,171,491

NEAR REAL-TIME DETECTION OF DENIAL-OF-SERVICE ATTACKS

Fortinet, Inc., Sunnyval...

1. A method for detecting a distributed denial-of-service (DDoS) attack, the method comprising:
receiving, at a network device, a plurality of access requests from a source Internet Protocol (IP) address;
storing, in a first database operatively coupled with the network device, temporal information relating to the plurality of access requests from the source IP address;
determining, by the network device, based on a first defined condition, whether compression is to be performed on the stored temporal information;
compressing the stored temporal information, by the network device, when a result of said determining is affirmative;
computing, by the network device, a compression ratio of the compressed temporal information with respect to the stored temporal information in uncompressed form; and
identifying, by the network device, the source IP address as malicious when the compression ratio is greater than a defined baseline value.

US Pat. No. 10,171,490

SYSTEM AND METHOD FOR STRATEGIC ANTI-MALWARE MONITORING

Tenable, Inc., Columbia,...

1. A system for detecting and remediating botnet participation in a network, comprising:
a memory; and
one or more processors coupled to the memory and configured to:
communicate with a scanning target located in the network to obtain netstat information describing a plurality of current connections on the scanning target;
identify, from the obtained netstat information, a source Internet Protocol (IP) address and a destination IP address associated with each of the plurality of current connections on the scanning target;
detect that the scanning target is a participant in a botnet in response to one or more of the source IP address or the destination IP address associated with at least one of the plurality of current connections appearing in a list that includes one or more known botnet IP addresses;
determine connectivity associated with the botnet based at least in part on the netstat information describing the plurality of current connections on the scanning target, wherein the determined connectivity indicates a topology associated with one or more compromised hosts that have been recruited into participation in the botnet and botnet traffic attributable to each of the one or more compromised hosts; and
disable network connectivity for at least the scanning target and the one or more compromised hosts to isolate the network from the botnet traffic.

US Pat. No. 10,171,489

METHOD FOR COMPUTER SECURITY BASED ON MESSAGE AND MESSAGE SENDER

HUAWEI TECHNOLOGIES CO., ...

1. A method, comprising:
receiving an email message that is associated with HyperText Markup Language (HTML);
determining a sender of the email message;
determining whether the sender of the email message is trusted, wherein determining whether the sender of the email message is trusted includes determining whether the sender of the email message is associated with a whitelist;
retrieving domain-related information by performing a DNS query on a domain associated with the sender of the email message;
based on at least in part on the domain-related information, determining whether the sender of the email message is verified;
when the sender is both trusted and verified, treating the email message as trustworthy;
in response to treating the email message as trustworthy, rendering the HTML when displaying the email message;
when the sender is not trusted and verified, treating the email message as not trustworthy; and
in response to treating the email message as not trustworthy, displaying a restricted version of the email message.

US Pat. No. 10,171,488

USER BEHAVIOR PROFILE

Forcepoint, LLC, Austin,...

1. A computer-implementable method for generating a cyber behavior profile, comprising:
monitoring electronically-observable user interactions, the electronically-observable user interactions comprising a behavior exhibited by a user that is observed through the use of at least one of an electronic device, a computer system and a software application executing on the computing system;
converting the electronically-observable user interactions into electronic information representing the electronically-observable user interactions, the electronic information representing the electronically-observable user interactions comprising multi-layered electronic information, each layer of the multi-layered electronic information corresponding to a respective layer of user interaction; and
generating a multi-dimensional cyber behavior profile based upon the multi-layered electronic information representing the user interactions;
identifying a known good interaction between the user and the information handling system;
storing a representation of the known good interaction between the user and the information handling system within the multi-dimensional cyber behavior profile as a known good user behavior element;
identifying an anomalous interaction between the user and the information handling system;
storing a representation of the anomalous interaction between the user and the information handling system within the multi-dimensional cyber behavior profile as a suspect user behavior element;
generating a user behavior profile score and a hash based upon the known good interaction and the anomalous interaction; and,
storing the user behavior profile score and the hash within the multi-dimensional cyber behavior profile.

US Pat. No. 10,171,487

GENERATING A VIRTUAL DATABASE TO TEST DATA SECURITY OF A REAL DATABASE

International Business Ma...

1. A computer system for determining a data security risk level of a virtual database, the computer system comprising:
a bus system;
a storage device connected to the bus system, wherein the storage device stores program instructions; and
a processor connected to the bus system, wherein the processor executes the program instructions to:
import an object catalog corresponding to a real database into the virtual database;
organize objects in the object catalog by levels within the virtual database;
determine whether one or more data security policy definitions corresponding to a set of objects referenced by test query message traffic performed an action in response to determining that one or more test query messages in the test query message traffic run on the virtual database did not satisfy respective parameters of the one or more data security policy definitions;
return a data security test failure result in response to determining that one or more of the data security policy definitions corresponding to the set of objects referenced by the test query message traffic did not perform the action in response to determining that one or more test query messages in the traffic run on the virtual database did not satisfy respective parameters of the one or more data security policy definitions; and
determine a data security risk level for the virtual database based on the returned data security test result.

US Pat. No. 10,171,486

SECURITY AND AUTHENTICATION DAISY CHAIN ANALYSIS AND WARNING SYSTEM

International Business Ma...

1. A method, implemented by an information handling system that includes one or more processors and a memory accessible by at least one of the processors, the method comprising:
monitoring a plurality of sets of user authentication data pertaining to a first plurality of network sites, wherein each of the sets of user authentication data is used by a user to access one of the first plurality of network sites;
storing a first set of metadata pertaining to the plurality of sets of user authentication data in a database;
gathering a plurality of outputs displayed by a second plurality of network sites, wherein the first plurality of network sites is a subset of the second plurality of network sites;
storing a second set of metadata pertaining to the plurality of outputs in the database;
performing an analytical analysis based on the sets of user authentication data and the gathered outputs; and
alerting the user regarding one or more security vulnerabilities, wherein at least one of the vulnerabilities corresponds to a selected one of the plurality of outputs matching at least a portion of a selected set from the user authentication data, and wherein the alerting further comprises providing a visual representation that depicts one or more links between the first set of metadata and the second set of metadata.

US Pat. No. 10,171,485

SYSTEM CONVERSION IN A NETWORKED COMPUTING ENVIRONMENT

INTERNATIONAL BUSINESS MA...

1. A method of providing security in a networked computing environment, comprising:
detecting, by at least one computer device, a breach of a first system in the networked computing environment;
determining a distance between a second system in the networked computing environment and the first system, the second system being a non-breached system;
determining whether or not the non-breached second system is an at-risk system based on whether or not the determined distance between the non-breached second system and the first system exceeds a threshold; and
in response to determining that the non-breached second system is the at-risk system, re-generating, by the at least one computer device, the non-breached second system as a new virtual machine at a new location in the networked computing environment,
wherein the determining whether or not the non-breached second system is the at-risk system comprises determining a risk factor for the non-breached second system and comparing the risk factor to the threshold.

US Pat. No. 10,171,484

SECURING SERVICES IN A NETWORKED COMPUTING ENVIRONMENT

INTERNATIONAL BUSINESS MA...

4. A system, comprising:
a CPU, a computer readable memory and a computer readable storage medium associated with a computer device of a service provider;
program instructions to receive, by the computer device, a breach notification from a user device, wherein the user device includes a client that corresponds to the service provider, and the breach notification indicates a potential security compromise of the user device;
program instructions to identify, by the computer device, a plurality of user devices that have the client; and
program instructions to transmit, by the computer device, a respective security profile, from among a plurality of security profiles, to each of the identified plurality of user devices, wherein each of the plurality of security profiles defines a security challenge that must be completed by a respective user device, from among the plurality of user devices, to obtain access,
wherein the program instructions are stored on the computer readable storage medium for execution by the CPU via the computer readable memory,
wherein each respective security profile, from among the plurality of security profiles, is specific to a corresponding one of the plurality of user devices, and different from security profiles of others of the plurality of user devices.

US Pat. No. 10,171,483

UTILIZING ENDPOINT ASSET AWARENESS FOR NETWORK INTRUSION DETECTION

Symantec Corporation, Mo...

1. A method comprising:
determining, by a prioritizing scan, a destination identifier from a network payload;
performing, by the prioritizing scan, a hash function on the destination identifier to compute a hash value, wherein a destination endpoint is determined by using the hash value as a key to query destination mapping data and wherein the hash function is defined in stored configuration data;
determining, by a processing device executing an intrusion device, a sensitivity level of the destination endpoint that was determined based on the hash value, wherein the sensitivity level is based at least in part on a content of data stored at the destination endpoint;
identifying one or more rules that correspond to sensitive content data stored at the destination endpoint, wherein the one or more rules describe a number of signatures in a subset of the plurality of signatures and specify individual signatures from the plurality of signatures to be included in the subset of the plurality of signatures and a prioritization action;
wherein the subset of signatures specific to the sensitive content data stored at the destination endpoint comprises a number of signatures that is proportional to a sensitivity level of content data stored at the destination endpoint, and wherein first content of the specific subset of the plurality of signatures is distinct from second content of other subsets of the plurality of signatures that correspond to other sensitivity levels; and
determining, by the intrusion device, whether network data comprises an intrusion in view of the subset of signatures, wherein determining whether the network data comprises an intrusion comprises prioritizing scanning of the network data in view of one or more thresholds for various sensitivity levels of the destination endpoint, and applying the prioritization action to the network data.

US Pat. No. 10,171,482

PRE-PROCESSING BEFORE PRECISE PATTERN MATCHING

International Business Ma...

1. A computer system for identifying a target pattern from a stream of patterns, the target pattern and the stream of patterns comprises consecutive elements and the target pattern comprises one or more of the consecutive elements of the stream of patterns, the method comprising:
one or more computer processors, one or more computer-readable storage media, and program instructions stored on the one or more computer-readable storage media for execution by at least one of the one or more computer processors, the program instructions comprising:
program instructions to acquire a first occurrence value for each element in the target pattern, wherein the first occurrence value is equal to the number of times each element occurs in the target pattern;
program instructions to store a predetermined number of consecutive elements from the stream of patterns in a buffer as a section of elements, wherein the section of elements is defined by a buffer starting point indicator and a buffer ending point indicator;
program instructions to determine a second occurrence value for each element in the target pattern, wherein the second occurrence value is equal to the number of times each element in the target pattern occurs in the section of elements stored in the buffer;
program instructions to update the buffer to include one additional element in the section of elements by moving the buffer ending point indicator towards the end of the stream of patterns by one element;
program instructions to repeat determining the second occurrence value and updating the buffer until the second occurrence value matches the first occurrence value for each element in the target pattern;
program instructions to output the elements in the buffer in response to determining the second occurrence value matches the first occurrence value for each element in the target pattern;
program instructions to perform a precise pattern matching operation on the outputted elements of the buffer to determine if the target pattern is contained within only the last x elements of the buffer, wherein x is equal to the number of elements in the target pattern; and
in response to determining the target pattern is not contained within the last x elements of the buffer, program instructions to reset the buffer to its initial length by updating the buffer starting point indicator to indicate the (y − x + 1)th character, wherein y is equal to the buffer ending point indicator.

US Pat. No. 10,171,481

SYSTEM AND METHOD FOR ENHANCED DISPLAY-SCREEN SECURITY AND PRIVACY

INTERNATIONAL BUSINESS MA...

1. A security system comprising:
a memory;
a hardware processor coupled to the memory;
a sensitivity determining module including instructions on said memory executed by the hardware processor for assigning a sensitivity value for text in a communication, wherein when the communication includes keywords in a sequence designated as being sensitive the sensitivity value is greater than a threshold sensitivity level, and when the communication does not include said keywords designated as being sensitive, the sensitivity values is less than the threshold sensitivity level;
a parsing module including instructions on said memory executed by the hardware processor for parsing the communication into a sequence of text fragments when the value of sensitivity assigned to said text in the communication by the sensitivity determining module exceeds the threshold sensitivity value, and indicates a sensitive message, or not parsing the communication when the value of the sensitivity assigned to said text in the communication by the sensitivity determining module does not exceed the threshold sensitivity value, and indicates a message that is not sensitive, wherein the parsing module for parsing sensitive communications changes the order of letters in each word of the communication except for the first letter and last letter of said each word; and
a transmission module including instructions on said memory executed by the hardware processor for transmitting the communication of the sensitive message as the sequence of text fragments as a rapid serial visualization (RSV) presentation, or transmitting the communication without parsing when the message is not sensitive.

US Pat. No. 10,171,480

CLOUD-BASED SURVEILLANCE WITH INTELLIGENT TAMPER PROTECTION

INTERNATIONAL BUSINESS MA...

1. A computer implemented method for managing a security system, the computer-implemented method comprising:
receiving, at a central communication unit from a first surveillance device, a recording of first surveillance data captured by the first surveillance device, wherein the first surveillance data is received by way of at least one of a first transmission channel and a second transmission channel between the first surveillance device and the central communication unit, wherein the second transmission channel is redundant with the first transmission channel;
transmitting the first surveillance data, from the central communication unit to a cloud storage, wherein the first surveillance data is transmitted by way of at least one of a third transmission channel and a fourth transmission channel between the first surveillance device and the central communication unit, wherein the fourth transmission channel is redundant with the third transmission channel; and
performing buffering preparations on the first surveillance data prior to the central communication unit transmitting the first surveillance data to the cloud storage, wherein the buffering preparations performed are dependent on a current state of the security system.

US Pat. No. 10,171,479

FAST MULTICAST MESSAGING ENCRYPTION AND AUTHENTICATION

SONY INTERACTIVE ENTERTAI...

1. A sender device comprising:
at least one computer memory that is not a transitory signal and that comprises instructions executable by at least one processor to:
access a first key;
encrypt the first key with a second key to render an encrypted key;
encrypt the encrypted key with a key of at least a first recipient device to render a first device key (FDK);
concatenate the first FDK and the encrypted key to render a concatenation;
sign the concatenation to render a signed concatenation; and
distribute the signed concatenation to at least the first receiver for use in securely exchanging digital information at least in part by using the sender device to transmit the signed concatenation to the first receiver.

US Pat. No. 10,171,478

EFFICIENT AND SECURE METHOD AND APPARATUS FOR FIRMWARE UPDATE

1. A vehicle, comprising:
an untrusted electronic control unit (ECU) comprising a receiver, a processor, and a memory, the receiver configured for receiving from a secure server a firmware update package including one or more firmware updates, and the memory of the untrusted ECU configured to store the firmware update package;
a secure ECU operatively coupled to the untrusted ECU, the secure ECU configured for authenticating the firmware update package; and
one or more target ECUs, each operatively coupled to the untrusted ECU and to the secure ECU, each respective target ECU comprising a bootloader configured for computing a checksum for a respective firmware update of the one or more firmware updates and signing the checksum with a unique key associated with the respective target ECU.

US Pat. No. 10,171,477

AUTHENTICATED DATA STREAMING

Amazon Technologies, Inc....

1. A non-transitory computer-readable storage medium having stored thereon executable instructions that, as a result of being executed by one or more processors of a computer system, cause the computer system to at least:
establish a Hypertext Transport Protocol (“HTTP”) connection to a service;
send a header of an HTTP multipart request to the service via the HTTP connection;
acquire data representing a portion of a content stream;
after sending the header, send the data to the service via the HTTP connection as a first part of the HTTP multipart request;
determine an authentication code for the portion of the content stream; and
send the authentication code to the service via the HTTP connection as a second part of the HTTP multipart request after sending the first part.

US Pat. No. 10,171,476

SYSTEM AND METHOD FOR PROTECTING THE PRIVACY OF IDENTITY AND FINANCIAL INFORMATION OF THE CONSUMER CONDUCTING ONLINE BUSINESS

1. A method of providing verification of an individual to a third party by providing to the third party a representation of an originally issued identity document associated with information provided by the individual during the verification process comprising:
providing to a first electronic device first credential information relating to the individual associated with the first electronic device; the first credential information authorizing submission of a first message to a remote server;
transmitting first data from the first electronic device to the remote server, the first data comprising an authorization to submit information derived from the originally issued identity document to a second device associated with the third party;
transmitting second data from the first electronic device to the remote server, the second data comprising second credential information needed to complete independent verification of the first data by the remote server;
the remote server cryptographically combining the first data and the second data to generate a result and using the result to locate a matching verification entry in a database or similar data storage entity;
in response to locating the match of verification entry, delivering third data by the remote server to a second electronic device associated with the third party, the third data consisting of the information derived from the originally issued identity document required by the third party; and
denying delivering the third data when the matching verification entry cannot be located.

US Pat. No. 10,171,475

CLOUD EMAIL MESSAGE SCANNING WITH LOCAL POLICY APPLICATION IN A NETWORK ENVIRONMENT

McAfee, LLC, Santa Clara...

1. At least one machine readable storage medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations comprising:
receiving, at a gateway device in a protected network from a cloud services device connected to the gateway device via a network connection, message metadata of an email message received at the cloud services device en route to an intended recipient associated with the protected network from a sender in an external network, wherein the message metadata is to be received without receiving the email message, is communicated as a bespoke extension to SMTP protocol, and includes at least one of connection information for the email message and protocol information for the email message, the connection information for the email message including at least one of an IP address of a sending host and a domain of the sending host and the protocol information for the email message including at least one of a sender email address, a sender domain name, a recipient email address, and a recipient domain name;
sending from the gateway device to the cloud services device a request for scan results data of the email message based on determining by the gateway device that receiving the email message is not prohibited by one or more metadata policies;
receiving the scan results data without receiving the email message;
based, at least in part, on the scan results data, sending a response to cause the email message to be forwarded from the cloud services device to the protected network;
receiving the email message in the protected network;
scanning the received email message for content prohibited by one or more local scan policies; and
blocking the email message from being forwarded to the intended recipient based, at least in part, on determining that sending the email message to the intended recipient is prohibited by at least one of the one or more local scan policies.

US Pat. No. 10,171,473

CONTENT FILTERING FOR PERSONAL PRODUCTIVITY APPLICATIONS

International Business Ma...

1. A method comprising:
determining a set of content rules that controls delivery of messages stored on a user device by an e-mail application running on the user device according to a first context profile;
receiving a selection of the first context profile from a set of context profiles;
responsive to the selection of the first context profile, filtering a first set of messages associated with the e-mail application to identify context-specific messages by applying the set of content rules; and
causing the e-mail application to deliver only the context-specific messages for display on the user device;
wherein:
each context profile of the set of context profiles is associated with a corresponding set of content rules; and
the determining a set of content rules includes identifying the corresponding set of content rules associated with a context profile selected from the set of context profiles.

US Pat. No. 10,171,472

ROLE-SPECIFIC SERVICE CUSTOMIZATION

Microsoft Technology Lice...

1. One or more computing devices comprising:
one or more processors; and
one or more memory storing computer-executable instructions, which, when executed by the one or more processors, cause the one or more computing devices, in aggregate, to:
provide a computer-network-accessible service that is interacted with by an individual user, the individual user having multiple roles and interacting with the service differently depending on which of the multiple roles the individual user has assumed during the individual user's interaction with the service;
receive a detected action of the individual user;
select, from among the multiple roles, a current role of the individual user based on the detected action of the individual user, the detected action having been previously associated with the current role as a role determinant of the current role; and
select a current role profile, which controls the individual user's interactions with the service, based on the selected current role, the current role profile comprising an explicit enumeration of both: (1) at least one included profile detail and (2) at least one excluded profile detail.

US Pat. No. 10,171,471

EVIDENCE-BASED ROLE BASED ACCESS CONTROL

International Business Ma...

1. A method for assigning roles to multiple users of a computer system, comprising:
assigning, to the multiple users, respective sets of original roles for accessing data stored on the computer system;
performing, in response to requests from the multiple users, multiple operations on the data;
generating a transaction log file comprising a plurality of entries, each of the entries storing attributes of a given operation;
identifying, by a processor based on the entries in the log file, a respective set of learned roles for each of the multiple users by defining, for each transaction log entry, a connection comprising one or more of the attributes and indicating a path from one of the multiple users to a given table accessed by the one of the users, identifying a unique set of the connections, defining a set of initial roles in a one-to-one correspondence with the unique set of the connections, each of the initial roles comprising an initial set of the users and a set of initial permissions, and applying, by the processor to the initial roles, a Hierarchical Clustering algorithm to identify the set of learned roles, each of the learned roles comprising a set of clustered permissions and associated with a subsequent set of the users;
assigning, to each given user, the respective sets of the learned roles associated with the given user; and
restricting, to the multiple users based on their respective assigned learned roles, access to the data on the computer system.

US Pat. No. 10,171,469

INFORMATION PROCESSING SYSTEM, ACCESS METHOD, AND TERMINAL DEVICE

Ricoh Company, Limited, ...

1. An information processing system comprising:
a terminal device; and
an information processing apparatus including,
a processor configured to register information, the information linking a content to a target image, and
a memory configured to store a medium code and device information such that the medium code is associated with the device information, the device information identifying the terminal device wherein
the terminal device including a processor configured to,
obtain a captured image by capturing a subject, the captured image including the target image and a code image extractable from the captured image, the code image being on the target image, the code image being designable based on the target image,
acquire access destination information from the information processing apparatus based on the captured image, the access destination information indicating a source of the content,
retrieve, via the source, the content corresponding to the captured image based at least on the medium code acquired from the code image such that, if the medium code is registered to a different terminal device, the processor of the terminal device is unable to retrieve the content from the source, and
provide, via a display, the content linked to the target image included in the captured image based on the code image extracted from the captured image.

US Pat. No. 10,171,468

SELECTIVE PROCESSING OF APPLICATION PERMISSIONS

International Business Ma...

1. A method for processing application permission requests, the method comprising:
detecting, by a processor of a computing system, that an application has been downloaded to the computing system;
establishing, by the processor, a data exchange between the application and a gateway interface of the computing system to prevent a data exchange between an operating system of the computing device and the application, by at least one of intercepting and overriding APIs of the application, in response to the application being downloaded to the computing system;
receiving, by the processor, one or more permission requests from the application for resources located on the computing system;
determining, by the processor, that at least one of the one or more permission requests is a required permission of the application;
prompting, by the processor, the user to decide the one or more permission requests;
receiving, by the processor, a denial of the required permission from the user, in response to the prompting;
responding, by the processor, to the application by providing spoofed resources to the application to satisfy the required permission of the application;
generating, by the processor, one or more templates of simulated spoofed resources over time based on a learning algorithm that analyzes historical responses of spoofed resources to required permissions; and
storing, by the processor, the one or more templates for automatically simulating spoofed resources to satisfy the required permissions of subsequent applications downloaded to the computing system.

US Pat. No. 10,171,467

DETECTION OF AUTHORIZATION ACROSS SYSTEMS

International Business Ma...

1. A computer-implemented method comprising:
receiving, at a first system and from a second system unauthorized by the first system, a request for operating a resource of the first system;
in response to an authorization chain being detected based on a first record, authorizing the operation of the resource of the first system, the authorization chain including at least a third system that authorizes the second system and is authorized by the first system, the first record at least indicating one or more systems that are authorized by the first system to operate resources of the first system wherein a record associated with the authorization chain is updated, based on a user input, creating a dynamic authorization relationship.

US Pat. No. 10,171,466

MAINTAINING A COMMON IDENTIFIER FOR A USER SESSION ON A COMMUNICATION NETWORK

Sprint Communications Com...

1. A method of operating a communication network comprising:
an access node receiving an access request from a user device and responsively transferring a first authentication request for the user device to an authentication node;
the authentication node receiving the first authentication request for the user device and authorizing a communication session for the user device;
the authentication node transferring a billing identifier for the communication session for the user device to the access node responsive to the communication session authorization;
the access node receiving the billing identifier for the communication session for the user device and responsively transferring an application registration for the user device to an application node;
the application node receiving the application registration for the user device and responsively transferring a second authentication request for the user device to the authentication node;
the authentication node receiving the second authentication request for the user device, correlating the second authentication request to the authorized communication session for the user device, and transferring the billing identifier for the communication session for the user device to the application node;
the application node receiving the billing identifier for the communication session for the user device;
the access node tracking network usage for the user device over the communication session and transferring network usage records having the billing identifier for the communication session for the user device to a billing node;
the application node tracking mobile internet application usage for the user device over the communication session and transferring mobile internet application usage records having the billing identifier for the communication session for the user device to the billing node; and
the billing node receiving the network usage records and the mobile internet application usage records and responsively reconciling the network usage and the mobile internet application usage for the user device based on the billing code.

US Pat. No. 10,171,465

NETWORK AUTHORIZATION SYSTEM AND METHOD USING RAPIDLY CHANGING NETWORK KEYS

1. A method for authenticating a client device for access to a host device, the client device having a device identifier, the method comprising the steps of:
generating a first timestamp in the client device, the first timestamp including at least two time unit values;
retrieving a first group of character strings from a host string table in the client device, each character string within the first group being related within the host string table to a time unit value of the first timestamp;
combining the first group of character strings into a first string set;
creating an initiating string in the client device, the initiating string including the device identifier, the first timestamp, and the first string set;
sending the initiating string to the host device;
retrieving a second group of character strings from a host string table in the host device,
each character string within the second group being related within the host string table to a time unit value of the first timestamp;
combining the second group of character strings into a second string set;
comparing the first string set to the second string set;
generating a second timestamp in the host device, the second timestamp including at least two time unit values;
sending the second timestamp to the client device;
retrieving a third group of character strings from a client string table in the client device,
each character string within the third group being related within the client string table to a time unit value of the second timestamp;
combining the third group of character strings into a third string set;
creating a verification string in the client device, the verification string including the device identifier, the second timestamp, and the third string set;
sending the verification string to the host device;
retrieving a fourth group of character strings from a client string table in the host device, the client string table being associated with the client device, each character string within the fourth group being related within the client string table to a time unit value of the second timestamp;
combining the fourth group of character strings into a fourth string set; and
comparing the fourth string set with the third string set;
granting the client device access to an advanced login stage when the fourth string set is identical to the third string set;
generating a third timestamp in the client device, the third timestamp including at least two time unit values;
sending the third timestamp to the host device;
retrieving a fifth group of character strings from a client string table in the host device, each character string within the fifth group being related within the client string table to a time unit value of the third timestamp;
concatenating the fifth group of character strings into a fifth string set in an order determined by a client sequence table in the host device, the client sequence table relating an order of time units to the value of one of the time units;
sending the third timestamp and third string set to the client device;
retrieving a sixth group of character strings from a client string table in the client device, each character string within the sixth group being related within the client string table to a time unit value of the third timestamp;
concatenating the sixth group of character strings into an order determined by a client sequence table in the client device, the client sequence table relating an order of time units to a time unit value of the third timestamp; and
comparing the sixth string set with the fifth string set; and
blocking the host device from accessing the client device when the fifth string set does not match the sixth string set.

US Pat. No. 10,171,464

DATA PROCESS APPARATUS, DATA SHARING METHOD, AND DATA PROCESS SYSTEM

Ricoh Company, Ltd., Tok...

1. A data process apparatus comprising:
a processor that is configured to:
receive a creation request for creating a sharable data storage space from an unauthenticated data terminal that is not authenticated to access the sharable data storage via a first authentication route and transmit a response to the unauthenticated data terminal, the response including access data indicating authorization for accessing the sharable data storage space via a second authentication route that is different from the first authentication route and data indicating the sharable data storage created in association with the access data;
authenticate the access data when the data process apparatus receives an access request including a designation of the access data for accessing the shared data storage space from an unauthenticated data terminal connected to a same network as the data process apparatus;
receive the access request from the unauthenticated data terminal when the authentication of the access data succeeds and perform a predetermined process in accordance with the access request, and
automatically generate the access data including an access code for each sharable data storage space and transmit the response including the access data in response to the creation request from the unauthenticated data terminal the access,
wherein the data process apparatus has a table in which the access data including the access code is managed in association with said each shareable data storage.

US Pat. No. 10,171,463

SECURE TRANSPORT LAYER AUTHENTICATION OF NETWORK TRAFFIC

Amazon Technologies, Inc....

1. A method for authenticating secure transport layer network packets, the method comprising:
receiving, at a computing device, a secure transport layer network packet sent from a source computing device and addressed to a destination computing device, the secure transport layer network packet comprising a transport layer network packet and a token packet associated with the transport layer network packet, wherein the secure transport layer network packet comprises one of a User Datagram Protocol (UDP) packet or a Transmission Control Protocol (TCP) packet;
obtaining, by the computing device, a verification key for the secure transport layer network packet;
utilizing, by the computing device, the verification key to verify authenticity of the secure transport layer network packet based on data contained in the token packet;
determining, by the computing device, that the verification is successful; and
in response to determining that the verification is successful, forwarding, by the computing device, the transport layer network packet to the destination computing device.

US Pat. No. 10,171,462

SYSTEM AND METHOD FOR SECURE INTERNET OF THINGS (IOT) DEVICE PROVISIONING

Afero, Inc., Los Altos, ...

1. A method comprising:
generating, by an IoT service, an association between a new Internet of Things (IoT) device identification (ID) code and an association ID code, wherein the new IoT device ID code and the association ID code are each an equal length code;
storing, by the IoT service, the association in an IoT device database of the IoT service, wherein the IoT device database includes a first value indicating an IoT device has not been provisioned, and a second value indicating an IoT device has been provisioned;
providing, by the IoT service, a barcode or a Quick Response (QR) code to be printed on a new IoT device, the barcode or QR code encoding the association ID code, wherein the new IoT device stores the new IoT device ID code in a secure communication module, the secure communication module including a programmable subscriber identity module (SIM);
establishing, by an IoT hub, a local communication channel via a Bluetooth Low Energy (BTLE) link with the new IoT device, the new IoT device including the barcode or QR code printed thereon;
optically reading, by the IoT hub, the barcode or QR code to determine the association ID code from the new IoT device;
transmitting, by the IoT hub, the association ID code to the IoT service via a secure communication channel, the IoT service performing a lookup in the IoT device database using the association ID code to determine the new IoT device ID code;
identifying, by the IoT service, an encryption key on the IoT service, wherein the IoT service is to use the new IoT device ID code as the encryption key;
establishing, by the IoT service, an encrypted communication channel with the new IoT device using the encryption key and elliptic curve encryption;
provisioning the new IoT device with the IoT service;
authorizing, by the IoT service, the IoT hub to communicate with the new IoT device after the new IoT device has been provisioned; and
updating, by the IoT service, the IoT device database to indicate the new IoT device has been provisioned.

US Pat. No. 10,171,461

SYSTEM AND METHOD OF SECURE ENCRYPTION FOR ELECTRONIC DATA TRANSFER

Ceelox Patents, LLC, Ove...

1. One or more non-transitory computer-readable media storing computer-executable instructions that, when executed by a hardware processor, perform a method of securely transferring data between a sender and a recipient, comprising the steps of:
receiving, from the sender, information indicative of biometric authentication information for the recipient, the information indicative of biometric authentication information for the recipient useable to determine a transaction-specific encryption key;
determining, by the sender, the transaction-specific encryption key;
encrypting, by the sender and using the transaction-specific encryption key, a message including the data to obtain an encrypted message;
transmitting, by the sender, the encrypted message;
receiving, by the recipient, the encrypted message;
receiving, from the recipient, biometric authentication information for the recipient, the biometric authentication information for the recipient useable to determine a transaction-specific decryption key;
determining, by the recipient, the transaction-specific decryption key;
decrypting, by the recipient and using the transaction-specific decryption key, the encrypted message to obtain the message including the data.

US Pat. No. 10,171,459

METHOD OF PROCESSING A CIPHERTEXT, APPARATUS, AND STORAGE MEDIUM

FUJITSU LIMITED, Kawasak...

1. A method executed by an authentication system that includes a terminal device and an encryption processing device, the method comprising:
acquiring, by a sensor included in the terminal device, biometric information;
generating, by a first processor included in the terminal device, a ciphertext from the acquired biometric information;
receiving, by a second processor included in the encryption processing device, a request for an authentication from the first processor, the request including the generated ciphertext;
acquiring a part of a plurality of encrypted elements included in the ciphertext, each of the plurality of encrypted elements being an encrypted element in which values of a plurality of elements in a multidimensional determination target vector are respectively encrypted by homomorphic encryption, in response to the request;
decrypting the acquired part of the plurality of encrypted elements; and
determining that the authentication is failed when at least one of values obtained by the decrypting is a value other than 0 and 1.

US Pat. No. 10,171,458

WIRELESS PAIRING AND COMMUNICATION BETWEEN DEVICES USING BIOMETRIC DATA

Apple Inc., Cupertino, C...

1. A system for wireless pairing and communication between devices using biometrics, the system comprising:
a device, comprising:
a processing unit;
a wireless communication component coupled to the processing unit;
a touchscreen display coupled to the processing unit;
a biometric sensor coupled to the processing unit; and
a non-transitory storage medium storing instructions executable by the processing unit to cause the device to:
display a pairing prompt on the touchscreen display when a host and the device are in wireless communication range of each other;
capture biometric data using the biometric sensor when a user initiates pairing using the touchscreen display; and
receive a configuration file from the host based at least on the captured biometric data, wherein:
the configuration file specifies an arrangement of one or more navigation items in a user interface of the host; and
the device reconfigures, based at least in part on the configuration file, an arrangement of one or more navigation items in a user interface of the device according to the arrangement of the one or more navigation items in the user interface of the host, thereby causing a configuration of the device to resemble the configuration of the host.

US Pat. No. 10,171,457

SERVICE PROVIDER INITIATED ADDITIONAL AUTHENTICATION IN A FEDERATED SYSTEM

International Business Ma...

1. A method for accessing, initiated by a service provider, a high value transaction website using an additional authentication, the method comprising:
accessing, by a processor, a website hosted by a service provider, wherein;
the access to the website requires an authorization of a user identification associated with the user and a password associated with the user; and
the website utilizes Federated Single Sign-On (FSSO) along with a plurality of websites;
responsive to receiving a validated user identification associated with the user and password associated with the user, requesting, by the processor, a token from an identity provider that maintains the FSSO credentials for the website, wherein;
the token provides access to an application programming interface (API) for the plurality of websites utilizing FSSO;
the token restricts the user to access only a transaction at the website; and
the transaction requires an additional credential, beyond the user identification associated with the user and the password associated with the user, to acquire access;
receiving, by the processor, the token and causing the token to be stored at the service provider;
receiving a second indication, by the processor, that the token has been inserted into a security protocol and is validated by the identity provider, wherein the security protocol is an open standard data format for exchanging authentication and authorization data between a plurality of processors;
receiving, by the processor, a second indication that the user's session of the website has expired;
subsequent to the second indication that the user's session of the website has expired, requesting to access, by the processor, the transaction at the website;
executing, by the processor, the API, using the token, to determine the service provider has access to the token associated with the user and to request a one-time password, from the identity provider, for access to the transaction at the website;
subsequent to the second indication that the user's session of the website has expired, causing, by the processor, the one-time password to be transmitted to the user without the user resubmitting the user identification associated with the user and the password associated with the user; and
responsive to validation of a submission of the one-time password accessing, by the processor, the transaction at the website hosted by the service provider.

US Pat. No. 10,171,456

WIRELESS AUTHENTICATION SYSTEM AND WIRELESS AUTHENTICATION METHOD FOR ONE TIME PASSWORD OF MOBILE COMMUNICATION TERMINAL HAVING NEAR FIELD COMMUNICATION FUNCTION

SCTECHONE CO, LTD., Seou...

1. A one-time password (OTP) authentication system comprising an OTP authentication server, the OTP authentication system comprising:
a web service server configured for providing one of an OTP generator registration means and an OTP authentication means depending on whether an OTP generator is registered when a user requests a web service requiring OTP authentication through a user authentication terminal, transmitting one of an OTP generator registration request signal, which comprises user identification information and identification information for a mobile communication terminal of the user, and an OTP authentication request signal, and providing the web service depending on an OTP verification result received in response thereto;
a wireless OTP generator configured for generating and displaying an OTP when an OTP generation event occurs and wirelessly transmitting the OTP when an OTP request signal is received;
a mobile communication terminal configured for obtaining the OTP generated by the wireless OTP generator when an OTP request message is received and transmitting OTP authentication information comprising the OTP and identification information of the mobile communication terminal; and
a touch authentication server configured for obtaining the OTP authentication information and registering the wireless OTP generator and the mobile communication terminal through the mobile communication terminal when the OTP generator registration request signal is received from the web service server, obtaining the OTP authentication information through a mobile communication terminal corresponding to the user identification information when an OTP authentication request signal for registered user identification information is received, verifying an OTP of the obtained OTP authentication information through the OTP authentication server, and providing an OTP verification result to the web service server,
wherein the wireless OTP generator comprises: an OTP processing unit configured for generating, displaying, and outputting the OTP; and
a wireless processing unit configured for receiving and storing the OTP and wirelessly transmitting the stored OTP to the mobile communication terminal through an antenna when an OTP request signal is received from the mobile communication terminal through the antenna, and
wherein the wireless processing unit comprises: a wireless card processing unit configured for performing operations according to a wireless card function;
a wireless OTP processing unit configured for receiving and storing, in an activated state, an OTP output from the wireless processing unit, and wirelessly transmitting the stored OTP to the mobile communication terminal through the antenna, upon receiving the OTP request signal through the antenna; and
an OTP interlocking unit configured for activating the wireless card processing unit to perform the wireless card function by default, and receiving a wireless OTP processing unit driving request signal through communication with the OTP processing unit to activate the wireless OTP processing unit,
wherein the OTP processing unit comprises:
a first display unit, displaying the OTP;
an input unit, comprising at least one button, which comprises an OTP generation button, and outputting a button signal indicating a pressed button;
a power supply unit, supplying power to the OTP processing unit; and
an OTP control unit, receiving the power to operate the OTP processing unit, detecting the OTP generation event due to an input of the OTP button signal to generate the OTP, displaying the OTP on the first display unit, and outputting the OTP, and
wherein the web service server transmits transaction information to the touch authentication server when a transaction event is generated by an arbitrary web service, and determines whether to provide a corresponding web service according to whether the transaction information is approved,
the touch authentication server transmits, to the mobile communication terminal, the transaction information upon receiving the transaction information by the transaction event generated from the web service server, and receives information about whether to approve the transaction information from the mobile communication terminal and provides the information about whether to approve the transaction to the web service server,
the mobile communication terminal displays the transaction information to a user upon receiving the transaction information, requests driving of the wireless OTP processing unit of the wireless OTP generator upon receiving approval of the user, and transmits the transaction information,
the wireless OTP processing unit of the wireless OTP generator stores the transaction information upon receiving the transaction information, and
the OTP processing unit loads the transaction information when the transaction information is stored in the wireless OTP processing unit at a time that the OTP generation event occurs, and reflects the transaction information to generate the OTP.

US Pat. No. 10,171,455

PROTECTION OF APPLICATION PASSWORDS USING A SECURE PROXY

International Business Ma...

1. A computer system comprising one or more hardware processors, one or more tangible computer readable storage media, a memory, and program instructions stored on at least one of the one or more tangible computer readable storage media, which, when executed by at least one of the one or more hardware processors, cause the at least one of the one or more hardware processors to perform a method comprising:
receiving, by a proxy server from a client computer, a request to access a protected resource located on a target server;
sending, by the proxy server to the client computer, an authentication challenge;
receiving, by the proxy server from the client computer, a response to the authentication challenge;
in response to authenticating, by the proxy server, the received response to the authentication challenge, initiating a secure active session between proxy server and client computer;
forwarding, by the proxy server to the target server, the protected resource access request;
receiving, by the proxy server from the target server, an access request response, wherein the access request response is a credential form including credential fields required to access the protected resource;
injecting, by the proxy server, into each required credential field, a corresponding credential field tag;
sending, by the proxy server to the client computer, the tagged credential form;
receiving, by the proxy server from the client computer, the tagged credential form with tagged credentials in the required credential fields with the credential field tags;
retrieving, by the proxy server from a protected datastore, target credentials mapped by the credential field tags;
replacing, by the proxy server, the tagged credentials in the tagged credential form with the corresponding retrieved target credentials;
sending, by the proxy server to the target server, the target credentials;
receiving, by the proxy server from the target server, an indication that the target credentials are invalid;
updating, by the proxy server, the target credentials and storing the updated target credentials in the protected data store without client computer intervention;
sending, by the proxy server to the target server, the updated target credentials; and
allowing, by the proxy server, the client computer to access the protected resource, in response to the target server validating the updated target credentials.

US Pat. No. 10,171,454

METHOD FOR PRODUCING DYNAMIC DATA STRUCTURES FOR AUTHENTICATION AND/OR PASSWORD IDENTIFICATION

1. A method for generating a changing authentication input or password required for a user in an access attempt for accessing a computing device such as a smartphone or server over a network, where said computing device is in operative communication with both a display capable of rendering objects in a Graphic User Interface (GUI) and an alphanumeric input component such as a keyboard, and running software adapted for operation and the steps of:
communicating to said user, a GUI for input of a static code for and storing said static code in electronic memory as a stored static code;
communicating a GUI to said user for inputting of recognizable objects to be depicted amongst said objects;
storing said recognizable objects input by said user in electronic memory as uploaded recognizable objects;
having said user employ said input component to communicate alphanumeric characters associated to each respective uploaded recognizable object;
storing said alphanumeric characters communicated from said user in electronic memory as inputted alphanumeric characters which are associated with each said uploaded recognizable object, in a relational database;
upon an access attempt to said computing device, communicating a said GUI displaying at least one said uploaded recognizable object as at least one recognizable object depicted in a group of depicted said objects;
communicating a said GUI directing said user to input alphanumeric characters identifying said at least one recognizable object,
having said user communicate a current input of said static code;
generating an alphanumeric string from a combination of said alphanumeric characters input as identifying said at least one recognizable object in a combination with said current input of said static code input by said user;
generating a comparative authentication string from said inputted alphanumeric characters stored in electronic memory which are associated with said uploaded recognizable object depicted as said at least one recognizable object, in combination with said stored static code; and
authenticating said user if said comparative authentication string is determined to have a match with said alphanumeric string whereby access security for users of computers, websites and servers is enhanced by generation of different alphanumeric strings which must match differently generated comparative authentication strings, with each access attempt.

US Pat. No. 10,171,453

GENERALIZED CERTIFICATE USE IN POLICY-BASED SECURE MESSAGING ENVIRONMENTS

INTERNATIONAL BUSINESS MA...

1. A system, comprising:
a memory; and
a processor programmed to execute a secure messaging component to:
determine, at the secure messaging component as part of providing a generalized certificate use service within a secure messaging environment, that a request to send a message has been generated by a message sender, where the generalized certificate use service provides real-time selective use of different secured digital certificates for different messages sent by the message sender, and the different secured digital certificates are digital certificates other than a digital certificate of the message sender;
identify, within the memory, a message protection policy configured to process the message under the generalized certificate use service within the secure messaging environment, where the message protection policy specifies the different secured digital certificates that are each configured with an associated private key to digitally sign the message on behalf of the message sender;
determine, based upon the message protection policy, to digitally sign the message using the private key of a secured digital certificate selected from the different secured digital certificates specified in the message protection policy; and
sign the message on behalf of the message sender using the private key of the selected secured digital certificate.

US Pat. No. 10,171,452

SERVER AUTHENTICATION USING MULTIPLE AUTHENTICATION CHAINS

International Business Ma...

1. A method to authenticate a server to a client, the server having an associated public key, comprising:
associating “n” distinct certificates to the server's public key, each of the “n” distinct certificates being issued by a distinct certificate authority (CA), wherein each of the distinct certificates has a certification chain with a different root certificate authority, wherein the certificate chains for the “n” distinct certificates are valid and non-overlapping with respect to their intermediate and root CAs;
responsive to the client initiating a request for a secure channel to the server during a cryptographic handshake, providing the client the “n” distinct certificates; and
responsive to receipt from the client of an indication that the public key satisfies a client public key acceptance policy, establishing completing the cryptographic handshake to establish the secure channel between the client and the server;
the client public key acceptance policy specifying a required number of valid, non-overlapping certificate chains that must be present to satisfy a client threshold level of trust to thereby improve security of the cryptographic handshake.

US Pat. No. 10,171,451

DISTRIBUTED SINGLE SIGN-ON

International Business Ma...

1. A method for use, at an authentication server being one of a plurality of n such authentication servers connectable to a user computer via a network, in generating a cryptographic token for authenticating the user computer to one of plurality of verifier servers under a username identifying the user computer to that verifier server, the method comprising:
storing one of n cryptographic shares of password data, which is dependent on a predetermined user password, such that a plurality t1 storing one of n cryptographic shares of secret data, which enables determination of said username for each verifier server, such that a plurality t2=t1 of the n secret data shares, each being stored by a respective one of the n authentication servers, is needed to reconstruct the secret data, wherein said username is different for every verifier server, and wherein said secret data comprises data indicative of said username for each verifier server;
on receipt from the user computer of an authentication request sent to each of at least t1 authentication servers on input of a password attempt at the user computer, communicating via said network to implement an authentication procedure in which said password data shares of those authentication servers are used to determine if said user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers;
on receipt from the user computer of a token request sent to each of at least a plurality T=t1 of said at least t1 authentication servers on reconstruction of said secret data, communicating with the user computer to implement a token generation procedure in which, via communication with said at least T authentication servers, the user computer uses said secret data to generate a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username for the selected verifier server.

US Pat. No. 10,171,450

GLOBAL TIME BASED AUTHENTICATION OF CLIENT DEVICES

Sprint Communications Com...

1. A system for authenticating client devices for communication with one or more wireless communications networks, the system comprising:
a time tracking system; and
a security gateway comprising a processor and a non-transitory computer storage medium storing computer-useable instructions that, when used by the processor, cause the processor to:
receive at least one gateway global time from the time tracking system, the gateway global time being synchronized with a client global time;
provide an authentication challenge to the client device, the authentication challenge generated based on the at least one gateway global time and a client device identifier;
generate an expected response to the authentication challenge based on at least the authentication challenge, the client device identifier, and the client global time;
receive a response to the authentication challenge, the response generated by the client device; and
authenticate the client device on a wireless communications network based on comparing the response and the expected response using a matching function.

US Pat. No. 10,171,449

ACCOUNT LOGIN METHOD AND DEVICE

TENCENT TECHNOLOGY (SHENZ...

1. An account login method, comprising:
storing, by a server, an association relation between a first account and a second account, and storing information of a login target corresponding to the second account;
receiving, by the server, a login request for using the first account to log in to the login target corresponding to the second account, retrieving login configuration information of the second account based on the association relation between the first account and the second account, and sending the login configuration information of the second account to the login target corresponding to the second account; and
logging in to the login target corresponding to the second account according to the login configuration information of the second account;
wherein the login request is a common login request that comprises an account identity of the first account, an account password of the first account, and the information of the login target corresponding to the second account; and the method further comprises:
authenticating the first account based on the account identity of the first account and the account password of the first account.

US Pat. No. 10,171,446

METHOD AND APPARATUS FOR LIMITING TRAFFIC RATE TO AN ORIGIN SERVER

CLOUDFLARE, INC., San Fr...

1. A method in a proxy server of limiting a rate at which traffic is received at an origin server, the method comprising:
receiving, from a client device, a first request for a resource at an origin server;
transmitting, to the client device, a first response that includes a refresh instruction, a first refresh time, and a first cryptographic token that is not valid until a first predetermined time is reached, and wherein the refresh instruction is to cause the client device to request the resource after the first refresh time has elapsed;
receiving as a result of the refresh instruction a second request for the resource from the client device, wherein the second request includes the first cryptographic token;
determining that the first cryptographic token is not valid; and
responsive to determining that the first cryptographic token is not valid, performing:
(a) determining a number of requests that are to be transmitted to the origin server as a result of validity of their respective cryptographic token,
(b) responsive to determining, based on the number of requests that are to be transmitted to the origin server and based on a maximum number of client devices that can access the origin server during a predetermined interval of time, that the second request can be assigned a second cryptographic token that is not valid until a second predetermined time is reached, wherein the second predetermined time occurs earlier than the first predetermined time, transmitting a second response including the refresh instruction, a second refresh time, and the second cryptographic token,
(c) responsive to determining that the second request cannot be assigned the second cryptographic token, transmitting a third response that includes the refresh instruction, the first refresh time, and the first cryptographic token,
(d) receiving a third request for the resource from the client device, wherein the third request includes at least one of the first cryptographic token and the second cryptographic token,
(e) repeating (a), (b), (c) and (d) until receiving a request from the client device that includes at least one of the first cryptographic token and the second cryptographic token that is valid, and
(f) responsive to determining that at least one of the first cryptographic token and the second cryptographic token is valid, fulfilling the third request.

US Pat. No. 10,171,445

SECURE VIRTUALIZED SERVERS

International Business Ma...

13. A computer program product for providing secure access to physical resources via a partitionable input/output server in a virtualized environment, wherein the physical resources are partitioned using Kerberos security, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, wherein the computer readable storage medium is not a transitory signal per se, the program instructions executable by a computer processing circuit to cause the circuit to perform the method comprising:
receiving, from an administrator, a request to access the physical resources, wherein the administrator is a user of a cloud tenant, and wherein the tenant is assigned to a particular working load partition (WPAR) of a plurality of WPARs hosted on a virtualized server in the virtualized environment, and wherein the physical resources are assigned to the particular WPAR;
accessing, in response to the request, a remote Kerberos server, the remote Kerberos server is hosted in a private domain, and the remote Kerberos server is able to authenticate access to the physical resource;
receiving, from the Kerberos server, a valid ticket,
granting, to the administrator, based on the valid ticket, and for a lifetime of the ticket, access to the physical resources via access to the WPAR, wherein the granting access to the physical resources further comprises granting access to clients assigned to the physical resources.

US Pat. No. 10,171,444

SECURITIZATION OF TEMPORAL DIGITAL COMMUNICATIONS VIA AUTHENTICATION AND VALIDATION FOR WIRELESS USER AND ACCESS DEVICES

IronClad Encryption Corpo...

1. One or more access devices or one or more user devices or both one or more access devices and one or more user devices comprising: at least one computer processing unit (CPU) with computational capabilities that is connected to and controls a computer memory via an address bus and a data bus where said address bus accesses a designated range of computer memories and range of memory bits and said data bus provides a flow of transmission(s) into and out of said CPU and computer memory; one or more real or one or more virtual master distributed auto-synchronous array (DASA) databases or both one or more real and one or more virtual master distributed auto-synchronous array (DASA) databases located within or external to said access devices and said user devices, where said master (DASA) databases at least store and retrieve data and also include at least two or more partial distributed auto-synchronous array (DASA) databases, wherein said partial DASA databases function in either an independent manner, a collaborative manner or both an independent manner and a collaborative manner, wherein said master and said partial DASA databases analyze and provide information in a form of data and act to control one or more output devices, wherein said output devices are computing devices, wherein said one or more output devices create user devices, and wherein said master and said partial DASA databases configure bi-directional transmission of data to and from multiple partial user devices, to and from multiple partial access devices or to and from both multiple partial user and multiple partial access devices, wherein said user devices and said access devices are computing devices, and wherein one or more partial user and one or more partial access devices store and provide at least partial copies of portions of said master DASA databases, and wherein said master DASA databases, said partial DASA databases or both said partial DASA databases and said master DASA databases are linked and communicate with each other as well as inclusion of one or more logging and monitoring databases that provide statistical and numerical calculations utilizing data, wherein said one or more access devices authenticate using a first set of computing operations, and validate using a second set of computing operations, and wherein a third set of computing operations controls access for a specified set of users, wherein said computing operations define rules utilized to provide logic with regard to communications between said master and said partial DASA databases and said partial user and said partial access devices.

US Pat. No. 10,171,443

DISPLAYING THE ACCESSIBILITY OF HYPERLINKED FILES

International Business Ma...

1. A method for displaying an accessibility of a hyperlinked file, the method comprising:
extracting a hyperlink from a target file, wherein the hyperlink references a resource displayable on a display apparatus, wherein the hyperlink is extracted from the target file in response to determining that a predetermined duration of time has lapsed since a previous determination of the accessibility of the resource, wherein extracting a hyperlink from a target file further comprises:
retrieving a FORM tag from a source code of the resource;
determining the source code of the resource comprises a first INPUT tag having a first attribute comprising a password attribute;
determining the source code of the resource comprises a second INPUT tag having a second attribute comprising a submit attribute;
determining the source code of the resource comprises a third INPUT tag having a third attribute that is not a password attribute and not a submit attribute; and
determining the hyperlink includes an authentication screen;
attempting to acquire the resource by performing a first authentication operation configured to fail and, in response, receiving a first object, wherein the first authentication operation configured to fail comprises the first authentication operation configured to generate an error screen, wherein the first object comprises a first screenshot of the error screen, wherein the first authentication operation includes inputting into an authentication screen a character string that includes characters that are not permitted to be used as the authentication information;
acquiring a second object by performing a second authentication operation using pre-determined authentication information, wherein the second object comprises a second screen shot of a screen resulting from the second authentication operation, wherein the pre-determined authentication information is associated with network position information of the resource, and wherein the second authentication operation is based, at least in part, on the network position information, wherein the pre-determined authentication information comprises a user identifier, a password, a determination date, and a determination time for the network position information, wherein the determination date indicates a date the second authentication operation was previously performed, and wherein the determination time indicates a time that the second authentication operation was performed on the determination date;
comparing the first object and the second object to determine if the first object is the same as the second object, wherein comparing the first object and the second object comprises comparing the first screen shot to the second screen shot; and
presenting, via the display apparatus, information indicating the accessibility of the resource, wherein the information is based, at least in part, on the comparison between the first object and the second object and further based, at least in part, on the target file.

US Pat. No. 10,171,442

PREDICTING A NEED FOR AND CREATING TEMPORARY ACCESS TO A COMPUTER COMPONENT IN INFRASTRUCTURE INFORMATION TECHNOLOGY

International Business Ma...

1. A method of provisioning temporary access to a computer component, the method performed by at least one hardware processor, the method comprising:
based on monitoring the computer server, receiving a signal comprising a request that requires executing an action on a computer server;
determining a server configuration associated with the computer server by accessing at least one storage device storing a configuration database;
determining based on the server configuration, a technology associated with executing the action on the computer server;
searching a user profile database stored on the at least one storage device to identify candidate users having a skill set associated with the technology;
determining availability, location and a skill level of the candidate users;
predicting based on historical data a duration the candidate users would take to execute the action on the computer server;
based on at least the duration, the availability, the location and the skill level of the candidate users, determining at least one user from the candidate users to execute the action on the computer server; and
creating a temporary access credential for the at least one user to access the computer server to execute the action, the temporary access credential having expiration duration, the expiration duration covering a duration of time the at least one user takes to perform the action,
wherein the temporary access credential is created by interfacing with an authentication system associated with the computer server, and wherein the action is executed on the computer server.

US Pat. No. 10,171,441

SYSTEM AND METHOD FOR TRANSFORMING CHANNEL ID COMMUNICATIONS IN MAN-IN-THE-MIDDLE CONTEXT

International Business Ma...

1. A computer implemented method in a data processing system comprising a processor and a memory comprising instructions, which are executed by the processor to cause the processor to implement a system for transforming a Channel ID communication, the method comprising:
generating, by a Secure Socket Layer (SSL)/Transport Layer Security (TLS) inspector, a secret;
receiving, from a client, the Channel ID communication comprising a public key value;
deriving, by the SSL/TLS inspector, a random seed value for a private key using the secret and the public key value of the Channel ID communication;
generating, by the SSL/TLS inspector, a new private key based upon the random seed value;
deriving, by the SSL/TLS inspector, a new public key based upon the new private key;
generating, by the SSL/TLS inspector, a transformed Channel ID communication based upon the new private key and the new public key; and
forwarding, by the SSL/TLS inspector, the transformed Channel ID communication to a server.

US Pat. No. 10,171,440

METHOD AND APPARATUS FOR MANAGING ENCRYPTION KEYS FOR CLOUD SERVICE

SAMSUNG SDS CO., LTD., S...

1. A key management method, comprising:
encrypting a service key used by an instance of a first user of a cloud service, by using a master key;
generating, with a key access server, two or more key pieces for reconstructing the master key;
distributing, by the key access server, the two or more key pieces to two or more host servers included in a host group for providing the cloud service via a key sharing protocol, and storing each key piece in a different host server;
receiving a request for the service key from the instance of the first user;
receiving, at the key access server, the two or more key pieces from the two or more host servers and reconstructing, by the key access server, the master key based on the received two or more key pieces; and
decrypting the encrypted service key by using the reconstructed master key, wherein the key sharing protocol is a protocol which permits data communication between the key access server and the two or more host servers and does not permit data communication between the two or more host servers, and
wherein the two or more host servers determine whether the key access server is a malicious server by verifying key pieces opened by the key access server.

US Pat. No. 10,171,439

OWNER BASED DEVICE AUTHENTICATION AND AUTHORIZATION FOR NETWORK ACCESS

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method comprising:
granting access to a network to any one of multiple devices of a same-owner,
each of said multiple devices having been previously associated with said same-owner at an authentication server, with the result that a plurality of device keys for authenticating said multiple devices are stored on said authentication server; and
said same-owner has previously been authorized to gain access to said network, such that a same-owner identification (ID) is stored on said authentication server;
listing of a device selected from any one of said multiple devices of said same-owner on said authentication server controlled by a network operator;
adding said same-owner ID to a same-owner-based access list of said same-owner associated with an operator ID of said network operator;
for each said device of said multiple devices, a private key is stored on said device, whereas a public key, associated with said same-owner, is stored on said authentication server on the public internet in the cloud;
associating each of said plurality of said device keys with a respective one of a plurality of device identification (IDs) or at least one of said multiple devices in said same-owner-based access list;
updating said same-owner-based access list to associate at least one of said plurality of device keys, or at least one of said plurality of device IDs with said same-owner ID;
receiving by said network operator, a network access request from and for said device to connect to said network, said device being one of said multiple devices of said same owner, wherein said network access request includes a device ID of said device requiring said network access request to be identified by said authentication server, but said network access request does not include said same owner ID;
receiving, by said authentication server from said network operator the network access request for said device;
authenticating, by said authentication server, said device using said device ID included in said network access request and a device key selected from said plurality of device keys, that is associated with said device ID on said same-owner-based access list and stored on said authentication server;
performing additional authentication in a challenge-response process between said authentication server and said device, based on the device key;
confirming, responsive to the additional authentication being successful, that at least one of said device ID and said device key is associated with said same-owner ID on said same-owner-based access list; and
sending a notification causing said network operator to grant said device selected from any one of said multiple devices of said same-owner, access to said network, upon authenticating said device and confirming that at least one of said device ID and said device key is associated with said same-owner ID on said same-owner-based access list;
wherein said network access request is confirmed by said authentication server, if said device, selected from any one of said multiple devices of said same-owner, is successfully authenticated, or if said same-owner of said device is confirmed to be associated to said device on said authenticated server, such that, in either case, said same-owner is authorized to access said network with the result that the access is same-owner-based and not device-based.

US Pat. No. 10,171,438

GENERATING A PASSWORD

INTERNATIONAL BUSINESS MA...

1. A method for generating a password, the method comprising:
receiving, by a computer system, user input from a user for identifying a particular account from among a plurality of accounts;
selecting, by the computer system, a set of questions specific for the particular account from among a plurality of questions;
receiving, by the computer system, further user input comprising one or more received responses to each question of the set of questions;
determining, by the computer system, at least one hash by applying a hash function to the one or more received responses of each question of the set of questions;
generating, by the computer system, a password for the account based on the one or more received responses by selecting at least one hashed character from the at least one hash as one or more characters of a plurality of characters of the password; and
associating, by the computer system, an ordered index of the set of questions from among the plurality of questions and a particular character position of each at least one hashed character within the at least one hash, for use in recreating the password.

US Pat. No. 10,171,437

TECHNIQUES FOR SECURITY ARTIFACTS MANAGEMENT

Oracle International Corp...

1. A method comprising:
receiving a request to manage security of an application;
identifying, by a computer system of a security management system, a plurality of security artifacts related to security for accessing the application, wherein the computer system is in a secure zone protected by one or more security measures;
determining, by the computer system, security access for accessing the application;
generating, by the computer system, a security artifact archive for the application, the security artifact archive including security data and security artifact data, wherein the security data is based on the security access, wherein the security data includes an access policy that indicates the security access and the security data includes attribute data indicating one or more attributes of the application, and wherein the security artifact data identifies one or more of the plurality of security artifacts;
storing the security artifact archive in association with an application identifier that identifies the application and a version identifier corresponding to the application, wherein the version identifier indicates a version of the security artifact archive, and wherein different versions of the security artifact archive correspond to changes in security access based on a different version of the application; and
responsive to the request, transmitting, by the computer system, the security artifact archive to the application, wherein the application operates to manage security for accessing the application based on the security artifact data and the security access in the security data of the security artifact archive, and wherein the application is outside the secure zone.

US Pat. No. 10,171,436

DISTRIBUTED LEARNING AND AGING FOR MANAGEMENT OF INTERNET PROTOCOL (IP) ADDRESSES

Juniper Networks, Inc., ...

1. A method comprising:
receiving, by a device, a packet associated with a malicious source,
the device including a plurality of security process units (SPUs) arranged in a ring of SPUs;
receiving back, by a first SPU in the ring of SPUs, a delete query message generated by the first SPU;
changing, by the first SPU, a first entry, associated with the packet, of the first SPU based on receiving back the delete query message; and
providing, by the first SPU and based on changing the first entry of the first SPU, a delete action message to a second SPU in the ring of SPUs,
the delete action message including an instruction to change a state of a second entry of the second SPU, and
the second entry corresponding to the first entry.

US Pat. No. 10,171,435

DEVICES THAT UTILIZE RANDOM TOKENS WHICH DIRECT DYNAMIC RANDOM ACCESS

IronClad Encryption Corpo...

1. One or more devices that encrypt data transmitted to or decrypt data received from or both transmit said data to and decrypt said data received from said devices that utilize one or more master keys comprising:
at least one computer processing unit (CPU) with computational capabilities that is connected to and controls a computer memory via an address bus and a data bus where said address bus accesses a designated range of computer memories and range of memory bits and said data bus provides a flow of transmission(s) into and out of said CPU and computer memory;
at least one encrypter or decrypter or both an encrypter and a decrypter that encrypt or decrypt or both encrypt and decrypt said data or associated data files or both said data and said associated data files that utilize one or more master keys and one or more key selectors, where one or more key selectors provide selection and provision of one or more encryption keys for each segment of bit by bit data or byte by byte data or both bit by bit data and byte by byte data, wherein said master keys and said key selectors produce a specific set of one or more executable encryption keys that encrypt or decrypt or both encrypt and decrypt said data or said associated data files or both said data and said associated data files where one or more said key selectors coincide with at least one value that directly corresponds with created cipher data or created cipher data files or both said created cipher data and said created cipher data files,
and wherein said key selectors are also encrypted and decrypted,
and wherein said key selectors and said created cipher data and said created cipher data files produce result data and result data files where said created cipher data and said created cipher data files together with said result data and said result data files are sealed to produce encrypted data and encrypted data files that are only encrypted and decrypted with one or more said master keys and one or more said key selectors.

US Pat. No. 10,171,431

SECURE MESSAGE HANDLING OF AN APPLICATION ACROSS DEPLOYMENT LOCATIONS

International Business Ma...

1. A method for secure message handling of an application across deployment locations, said method comprising:
dividing, by one or more processors of a computer system, the application into multiple processing nodes which process messages and which can be deployed in multiple different locations, wherein the application processes a message comprising a plurality of data aspects, wherein each data aspect in the message includes aspect data having a data aspect value in one or more fields in the message, and wherein one or more data aspects of the plurality of data aspects include respective deployment constraints on locations in which the aspect data in the one or more data aspects is deployed;
said one or more processors analyzing the application to identify one or more processing nodes of the multiple processing nodes that reference the one or more data aspects;
said one or more processors ascertaining whether the one or more data aspects are accessed by an identified processing node of the multiple processing nodes, wherein access to each data aspect of the one or more data aspects requires a data aspect value of said each data aspect of the one or more data aspects to be known;
if said ascertaining ascertains that the one or more data aspects are accessed by the identified processing node, then said one or more processors determining a restriction for the identified processing node based on the respective deployment constraints included in the accessed one or more data aspects and deploying the identified processing node according to the determined restriction for the identified processing node;
if said ascertaining ascertains that none of the one or more data aspects are accessed by the identified processing node, then said one or more processors marking the identified processing node or a preceding processing node that precedes the identified processing node to indicate a required tokenization of the one or more data aspects, said tokenization removing the deployment constraints for the identified processing node.

US Pat. No. 10,171,430

MAKING A SECURE CONNECTION OVER INSECURE LINES MORE SECURE

1. A communication system comprising:
encryption circuitry;
formatter circuitry electrically coupled with the encryption circuitry; and
transmitter circuitry electrically coupled with the formatter circuitry, wherein:
the encryption circuitry is configured for:
receiving user datagrams;
determining a first packet-to-packet boundary, a second packet-to-packet boundary, and a third packet-to-packet boundary of the user datagrams;
encrypting the user datagrams to provide encrypted datagrams;
calculating a first checksum for encrypted data between the first packet-to-packet boundary and the second packet-to-packet boundary, wherein the first checksum is a first quantity of bits;
inserting the first checksum to the encrypted datagrams at the second packet-to-packet boundary;
calculating a second checksum for encrypted data between the second packet-to-packet boundary and the third packet-to-packet boundary, wherein the second checksum is a second quantity of bits and the second quantity of bits is greater than the first quantity of bits; and
inserting the second checksum to the encrypted data at the third packet-to-packet boundary, and
providing the encrypted datagrams, the first checksum, and the second checksum to the formatter circuitry,
wherein the encryption circuitry is further configured to provide an overhead communications channel having a variable bitrate,
wherein the variable bitrate is determined at least in part by a datagram bitrate and a fixed payload availability of the formatted bit stream;
the formatter circuitry is configured for:
inserting the encrypted datagrams, the first checksum, and the second checksum as payload data to a formatted bit stream having a total bitrate of approximately 10 gigabits per second; and
providing the formatted bit stream to the transmitter circuitry, wherein the formatted bit stream is compliant to a public switched network; and
the transmitter circuitry is configured for optically transmitting the formatted bit stream over the public switched network.

US Pat. No. 10,171,429

PROVIDING SECURITY TO VIDEO FRAMES

ARRIS Enterprises LLC, S...

1. A method of processing a compressed and encrypted video media program, comprising:
processing at least a portion of the video media program in a video player that includes a computer processor for processing at least a portion of the video media program, the video player operable for:
receiving the media stream, wherein the video media stream is comprised of one or more chunks;
subdividing the chunks into one or more packets, wherein one or more of the packets include video data;
obfuscating or de-obfuscating at least some of the video data, wherein the step of obfuscating or de-obfuscating comprises obfuscating or de-obfuscating the video data using a caption handling with skip and select approach where only the video data in a first set of packets is de-obfuscated so that caption data is extracted; and
concatenating the video data into one or more frames for playback by the video player.

US Pat. No. 10,171,428

CONFIDENTIAL DATA MANAGEMENT METHOD AND DEVICE, AND SECURITY AUTHENTICATION METHOD AND SYSTEM

Rowem Inc., Seoul (KR)

1. A secure authentication method for performing secure authentication of a user by an authentication system, the secure authentication method comprising:
receiving, by a service server, a service request from a first communication terminal;
transmitting, by a security server, a notification message including a stored decryption key to a second communication terminal in response to a notification message transmission request received from the service server;
decrypting, by the second communication terminal, a stored encrypted code table using the decryption key received from the security server;
outputting, by the second communication terminal, a security keypad to a screen, and when at least one input value is received through the security keypad, identifying each code mapped to the received at least one input value in the decrypted code table;
generating, by the second communication terminal, authentication information consisting of a combination of each identified code, and transmitting the authentication information to the service server; and
authenticating, by the service server, the first communication terminal based on the authentication information received from the second communication terminal.

US Pat. No. 10,171,426

HOME NETWORK CONTROLLING APPARATUS AND METHOD TO OBTAIN ENCRYPTED CONTROL INFORMATION

SAMSUNG ELECTRONICS CO., ...

1. A method of controlling, by a control device, at least one device by using control information, the method comprising:
receiving, from a server, information used to configure a user interface or process an event related to controlling the at least one device by the control device, which has not been encrypted;
receiving, from the server, control information used to control at least one device, which has been encrypted using an encryption process;
transmitting a control command for controlling the at least one device according to the control information.